projects / ossec-hids.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
obrisane nepotrebne datoteke od zadnjeg builda
[ossec-hids.git] / debian / ossec-hids / var / ossec / rules / arpwatch_rules.xml
diff --git a/debian/ossec-hids/var/ossec/rules/arpwatch_rules.xml b/debian/ossec-hids/var/ossec/rules/arpwatch_rules.xml
deleted file mode 100644 (file)
index f059f8b..0000000
--- a/debian/ossec-hids/var/ossec/rules/arpwatch_rules.xml
+++ /dev/null
@@ -1,89 +0,0 @@
-<!-- @(#) $Id: ./etc/rules/arpwatch_rules.xml, 2011/09/08 dcid Exp $
-
-  -  Official Arpwatch rules for OSSEC.
-  -
-  -  Copyright (C) 2009 Trend Micro Inc.
-  -  All rights reserved.
-  -
-  -  This program is a free software; you can redistribute it
-  -  and/or modify it under the terms of the GNU General Public
-  -  License (version 2) as published by the FSF - Free Software
-  -  Foundation.
-  -
-  -  License details: http://www.ossec.net/en/licensing.html
-  -->
-                            
-
-<group name="syslog,arpwatch,">
-  <rule id="7200" level="0" noalert="1">
-    <decoded_as>arpwatch</decoded_as>
-    <description>Grouping of the arpwatch rules.</description>
-  </rule>
-
-  <rule id="7201" level="4">
-    <if_sid>7200</if_sid>
-    <options>alert_by_email</options>
-    <if_fts />
-    <description>Arpwatch new host detected.</description>
-    <group>new_host,</group>
-  </rule>
-                  
-  <rule id="7202" level="9">
-    <if_sid>7200</if_sid>
-    <match>flip flop </match>
-    <description>Arpwatch "flip flop" message. </description>
-    <description>IP address/MAC relation changing too often.</description>
-    <group>ip_spoof,</group>
-  </rule>
-
-  <rule id="7203" level="3">
-    <if_sid>7200</if_sid>
-    <match>reaper: pid </match>
-    <description>Arpwatch exiting.</description>
-    <group>service_availability,</group>
-  </rule>
-  <rule id="7204" level="9">
-    <if_sid>7200</if_sid>
-    <match>changed ethernet address </match>
-    <description>Changed network interface for ip address.</description>
-    <group>ip_spoof,</group>
-  </rule> 
-  <rule id="7205" level="0">
-    <if_sid>7200</if_sid>
-    <match>bad interface eth0|exiting|Running as </match>
-    <description>Arpwatch startup/exiting messages.</description>
-  </rule> 
-
-  <rule id="7206" level="0">
-    <if_sid>7200</if_sid>
-    <match>sent bad addr len</match>
-    <description>Arpwatch detected bad address len (ignored).</description>
-  </rule> 
-
-  <rule id="7207" level="1">
-    <if_sid>7200</if_sid>
-    <match>/dev/bpf0: Permission denied</match>
-    <description>arpwatch probably run with wrong permissions</description>
-  </rule>
-
-  <rule id="7208" level="1">
-    <if_sid>7200</if_sid>
-    <match>reused old ethernet address</match>
-    <description>An IP has reverted to an old ethernet address.</description>
-  </rule>
-
-  <rule id="7209" level="7">
-    <if_sid>7200</if_sid>
-    <match>ethernet mismatch</match>
-    <description>Possible arpspoofing attempt.</description>
-    <group>ip_spoof,</group>
-  </rule>
-
-
-
-</group> <!-- SYSLOG,arpwatch, -->
-
-
-<!-- EOF -->
ossec-hids