obrisane nepotrebne datoteke od zadnjeg builda
diff --git a/debian/ossec-hids/var/ossec/rules/dovecot_rules.xml b/debian/ossec-hids/var/ossec/rules/dovecot_rules.xml
deleted file mode 100644 (file)
index cd49bf6..0000000
+++ /dev/null
@@ -1,91 +0,0 @@
-<!-- Copyright (C) 2009 Michael Starks
-  -  This program is a free software; you can redistribute it
-  -  and/or modify it under the terms of the GNU General Public
-  -  License (version 3) as published by the FSF - Free Software
-  -  Foundation.
- -->
-
-
-<group name="dovecot,">
-<rule id="9700" level="0">
-  <decoded_as>dovecot</decoded_as>
-  <description>Dovecot Messages Grouped.</description>
-</rule>
-
-<rule id="9701" level="3">
-  <if_sid>9700</if_sid>
-  <match>login: Login: </match>
-  <description>Dovecot Authentication Success.</description>
-  <group>authentication_success,</group>
-</rule>
-
-<rule id="9702" level="5">
-  <if_sid>9700</if_sid>
-  <match>Password mismatch$</match>
-  <description>Dovecot Authentication Failed.</description>
-  <group>authentication_failed,</group>
-</rule>
-
-<rule id="9703" level="3">
-  <if_sid>9700</if_sid>
-  <match>starting up</match>
-  <description>Dovecot is Starting Up.</description>
-</rule>
-
-<rule id="9704" level="2">
-  <if_sid>9700</if_sid>
-  <match>^Fatal: </match>
-  <options>alert_by_email</options>
-  <description>Dovecot Fatal Failure.</description>
-</rule>
-
-<rule id="9705" level="5">
-  <if_sid>9700</if_sid>
-  <match>user not found|User not known|unknown user|auth failed</match>
-  <description>Dovecot Invalid User Login Attempt.</description>
-  <group>invalid_login,authentication_failed,</group>
-</rule>
-
-<rule id="9706" level="3">
-  <if_sid>9700</if_sid>
-  <match>: Disconnected: </match>
-  <description>Dovecot Session Disconnected.</description>
-</rule>
-
-<rule id="9707" level="5">
-  <if_sid>9700</if_sid>
-  <match>: Aborted login</match>
-  <description>Dovecot Aborted Login.</description>
-  <group>invalid_login,</group>
-</rule>
-
-
-<!-- Composite rules -->
-<rule id="9750" level="10" frequency="6" timeframe="120">
-  <if_matched_sid>9702</if_matched_sid>
-  <same_source_ip />
-  <description>Dovecot Multiple Authentication Failures.</description>
-  <group>authentication_failures,</group>
-</rule>
-
-<rule id="9751" level="10" frequency="6" timeframe="240">
-  <if_matched_sid>9705</if_matched_sid>
-  <same_source_ip />
-  <description>Dovecot brute force attack (multiple auth failures).</description>
-  <group>authentication_failures,</group>
-</rule>
-
-<rule id="9770" level="0">
-  <decoded_as>dovecot-info</decoded_as>
-  <description>dovecot-info grouping.</description>
-</rule>
-
-<rule id="9771" level="5">
-  <if_sid>9770</if_sid>
-  <match>user not found|User not known|unknown user|auth failed</match>
-  <description>Dovecot Invalid User Login Attempt.</description>
-  <group>invalid_login,authentication_failed,</group>
-</rule>
-
-</group>