new upstream release (3.3.0); modify package compatibility for Stretch

[ossec-hids.git] / debian / ossec-hids / usr / share / doc / ossec-hids / contrib / ossec-testing / tests / openbsd-dhcpd.ini

diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/openbsd-dhcpd.ini b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/openbsd-dhcpd.ini
new file mode 100644 (file)
index 0000000..799bab6
--- /dev/null
+++ b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/openbsd-dhcpd.ini
@@ -0,0 +1,25 @@
+[lease release]
+log 1 pass = Jan 26 18:12:55 junction dhcpd[4842]: IP address 192.168.1.16 answers a ping after sending a release
+log 2 pass = Jan 26 18:12:40 junction dhcpd[4842]: Possible release spoof - Not releasing address 192.168.17.160
+
+rule = 53003
+alert = 5
+decoder = dhcpd
+
+[no free leases]
+log 1 pass = Jan 26 17:42:32 junction dhcpd[4842]: no free leases on subnet 192.168.17.0
+
+rule = 53011
+alert = 7
+decoder = dhcpd
+
+[normal dhcp stuff]
+log 1 pass = Jan 27 09:25:36 junction dhcpd[71391]: DHCPREQUEST for 192.168.17.164 from f4:8c:50:9d:eb:35 via em1
+log 2 pass = Jan 27 09:25:36 junction dhcpd[71391]: DHCPDISCOVER from f4:8c:50:9d:eb:35 via em1
+log 3 pass = Jan 27 09:25:31 junction dhcpd[71391]: DHCPOFFER on 192.168.17.164 to f4:8c:50:9d:eb:35 via em1
+
+rule = 53001
+alert = 1
+decoder = dhcpd
+
+