X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=debian%2Fossec-hids%2Fvar%2Fossec%2Frules%2Flog-entries%2F1101;fp=debian%2Fossec-hids%2Fvar%2Fossec%2Frules%2Flog-entries%2F1101;h=0000000000000000000000000000000000000000;hb=946517cefb8751a43a89bda4220221f065f4e5d1;hp=c1b844702fb8aa4620fb6bb913659977860271c4;hpb=3f728675941dc69d4e544d3a880a56240a6e394a;p=ossec-hids.git diff --git a/debian/ossec-hids/var/ossec/rules/log-entries/1101 b/debian/ossec-hids/var/ossec/rules/log-entries/1101 deleted file mode 100644 index c1b8447..0000000 --- a/debian/ossec-hids/var/ossec/rules/log-entries/1101 +++ /dev/null @@ -1,18 +0,0 @@ -su[2921936]: succeeded: ttyq4 changing from root to ldap -su[2921936]: failed: ttyq4 changing from root to ldap -su: failed: ttyq# changing from to root -su[234]: BAD SU ger to fwmaster on /dev/ttyp0 -Sep 11 01:40:59 bogus.com su: ericx to root on /dev/ttyu0 -Sep 12 18:40:02 bogus.com su: BAD su rachel on /dev/ttyp1 - -Feb 14 17:20:27 niban su(pam_unix)[23164]: authentication failure; logname= uid=1342 euid=0 tty= ruser=dcid rhost= user=osaudit -May 4 11:17:42 niban su(pam_unix)[2298]: authentication failure; logname= uid=1342 euid=0 tty= ruser=dcid rhost= user=root -May 4 11:18:52 niban su(pam_unix)[2307]: authentication failure; logname= uid=1342 euid=0 tty= ruser=dcid rhost= user=test - -Jun 8 09:01:01 niban su(pam_unix)[1313]: session opened for user root by (uid=1342) -Jun 9 13:32:14 niban su(pam_unix)[1338]: session opened for user root by (uid=1342) -#Slack: -Jul 5 00:30:21 lili su[2190]: + pts/4 dcid-root -Jul 5 12:13:15 lili su[2614]: Authentication failed for root -Jul 5 12:13:15 lili su[2614]: - pts/6 dcid-root -