projects / ossec-hids.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
obrisane nepotrebne datoteke od zadnjeg builda
[ossec-hids.git] / debian / ossec-hids / var / ossec / rules / exim_rules.xml
diff --git a/debian/ossec-hids/var/ossec/rules/exim_rules.xml b/debian/ossec-hids/var/ossec/rules/exim_rules.xml
deleted file mode 100644 (file)
index f6147df..0000000
--- a/debian/ossec-hids/var/ossec/rules/exim_rules.xml
+++ /dev/null
@@ -1,55 +0,0 @@
-<!-- Authors: Alexandr Garaga
--  This program is a free software; you can redistribute it
--  and/or modify it under the terms of the GNU General Public
--  License (version 2) as published by the FSF - Free Software
--  Foundation.
--
--  License details: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
--->
-
-<group name="exim,">
-    <rule id="13000" level="0">
-      <decoded_as>windows-date-format</decoded_as>
-      <regex>^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d SMTP </regex>
-      <description>Exim SMTP Messages Grouped.</description>
-    </rule>
-
-    <rule id="13001" level="0">
-      <decoded_as>windows-date-format</decoded_as>
-      <regex>^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d dovecot</regex>
-      <description>dovecot messages grouped.</description>
-    </rule>
-
-    <rule id="13006" level="5">
-      <if_sid>13001</if_sid>
-      <match>authenticator failed</match>
-      <description>Exim Auth failed</description>
-      <group>invalid_login,authentication_failed,</group>
-    </rule>
-
-    <rule id="13007" level="10" frequency="6" timeframe="240">
-      <if_matched_sid>13006</if_matched_sid>
-      <same_source_ip />
-      <description>Exim brute force attack (multiple auth failures).</description>
-      <group>authentication_failures,</group>
-    </rule>
-
-    <rule id="13008" level="0">
-      <if_sid>13000</if_sid>
-      <match>connection count =</match>
-      <description>Exim connection</description>
-    </rule>
-
-    <rule id="13009" level="1">
-      <if_sid>13000</if_sid>
-      <match>lost$</match>
-      <description>Exim connection lost</description>
-    </rule>
-
-    <rule id="13010" level="5">
-      <if_sid>13000</if_sid>
-      <match>dropped: too many syntax or protocol errors</match>
-      <description>Exim syntax or protocol errors</description>
-    </rule>
-
-</group>
ossec-hids