X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fsu.ini;fp=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fsu.ini;h=0000000000000000000000000000000000000000;hb=946517cefb8751a43a89bda4220221f065f4e5d1;hp=023106b2d9c707043c82f35893621fedb5680aeb;hpb=3f728675941dc69d4e544d3a880a56240a6e394a;p=ossec-hids.git

diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/su.ini b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/su.ini
deleted file mode 100644
index 023106b..0000000
--- a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/su.ini
+++ /dev/null
@@ -1,27 +0,0 @@
-[su: failed ]
-log 1 pass = Apr 27 15:22:23 niban su[2921936]: failed: ttyq4 changing from ldap to root
-log 2 pass = Jun 20 17:19:59 dactyl su: FAILED SU (to root) mmoorcro on pts/0
-rule = 5302
-alert = 9
-decoder = su
-
-[su: bad pass]
-log 1 pass = Apr 27 15:22:23 niban su[234]: BAD SU ger to fwmaster on /dev/ttyp0
-rule = 5301
-alert = 5
-decoder = su
-
-[su: pam - auth fail]
-log 1 fail = Apr 27 15:22:23 niban su(pam_unix)[23164]: authentication failure; logname= uid=1342 euid=0 tty= ruser=dcid rhost=  user=osaudit
-log 2 fail = Apr 27 15:22:23 niban su(pam_unix)[2298]: authentication failure; logname= uid=1342 euid=0 tty= ruser=dcid rhost=  user=root
-rule = 5503
-alert = 5
-decoder = su
-
-
-[su: work fts]
-log 1 pass = Apr 22 17:51:51 enigma su: dcid to root on /dev/ttyp1
-rule = 5305
-alert = 4
-decoder = su
-