new upstream release (3.3.0); modify package compatibility for Stretch

[ossec-hids.git] / debian / ossec-hids / usr / share / doc / ossec-hids / contrib / ossec-testing / tests / pam.ini

diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/pam.ini b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/pam.ini
new file mode 100644 (file)
index 0000000..a6e1eae
--- /dev/null
+++ b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/pam.ini
@@ -0,0 +1,36 @@
+[User login failed.]
+log 1 pass = Nov 11 22:46:29 localhost su(pam_unix)[23164]: authentication failure; logname= uid=1342 euid=0 tty= ruser=dcid rhost=  user=osaudit
+log 2 pass = Jun 28 23:01:27 xxxx auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=lipjigaglgihgoeadcdaa.p.salmon@xxx.xxx.xxx.xxx rhost=91.195.103.44
+
+rule = 5503
+alert = 5
+decoder = pam
+
+[Attempt to login with an invalid user.]
+log 1 pass = Nov 11 22:46:29 localhost vsftpd(pam_unix)[25073]: check pass; user unknown
+
+rule = 5504
+alert = 5
+decoder = pam
+
+[Login session opened.]
+log 1 pass = Nov 11 22:46:29 localhost su(pam_unix)[14592]: session opened for user news by (uid=0)
+
+rule = 5501
+alert = 3
+decoder = pam
+
+[Login session closed.]
+log 1 pass = Nov 11 22:46:29 localhost su(pam_unix)[14592]: session closed for user news
+
+rule = 5502
+alert = 3
+decoder = pam
+
+[User missed the password more than one time]
+log 1 pass = Nov 11 22:46:29 localhost sshd(pam_unix)[15794]: 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.3.1  user=root
+
+rule = 2502
+alert = 10
+decoder = pam
+