projects / ossec-hids.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
new upstream release (3.3.0); modify package compatibility for Stretch
[ossec-hids.git] / debian / ossec-hids / usr / share / doc / ossec-hids / contrib / ossec-testing / tests / vsftpd.ini
diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/vsftpd.ini b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/vsftpd.ini
new file mode 100644 (file)
index 0000000..32edb78
--- /dev/null
+++ b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/vsftpd.ini
@@ -0,0 +1,16 @@
+[CONNECT]
+log 1 pass = Wed Jul 27 18:32:27 2016 [pid 2] CONNECT: Client "fe80::baac:6fff:fe7d:d2e0"
+log 2 pass = Wed Jul 27 18:32:27 2016 [pid 2] CONNECT: Client "10.11.12.13"
+
+rule = 11401
+alert = 3
+decoder = vsftpd
+
+[LOGIN]
+log 1 pass = Mon Oct 24 11:32:53 2016 [pid 1] [$ALOC$] FAIL LOGIN: Client "10.55.112.101"
+log 2 pass = Mon Oct 24 11:32:53 2016 [pid 1] [$ALOC$] FAIL LOGIN: Client "fe80::baac:6fff:fe7d:d2e0"
+
+rule = 11403
+alert = 5
+decoder = vsftpd
ossec-hids