projects / ossec-hids.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
obrisane nepotrebne datoteke od zadnjeg builda
[ossec-hids.git] / debian / ossec-hids / var / ossec / rules / ftpd_rules.xml
diff --git a/debian/ossec-hids/var/ossec/rules/ftpd_rules.xml b/debian/ossec-hids/var/ossec/rules/ftpd_rules.xml
deleted file mode 100644 (file)
index 4172a36..0000000
--- a/debian/ossec-hids/var/ossec/rules/ftpd_rules.xml
+++ /dev/null
@@ -1,103 +0,0 @@
-<!-- @(#) $Id: ./etc/rules/ftpd_rules.xml, 2011/09/08 dcid Exp $
-
-  -  Official ftpd rules for OSSEC.
-  -  Author: Ahmet Ozturk
-  -  License: http://www.ossec.net/en/licensing.html
-  -->
-      
-
-<group name="syslog,ftpd,">
-  <rule id="11100" level="0" noalert="1">
-    <decoded_as>ftpd</decoded_as>
-    <description>Grouping for the ftpd rules.</description>
-  </rule>
-  
-  <rule id="11101" level="5">
-    <if_sid>11100</if_sid>
-    <match>FTP LOGIN REFUSED</match>
-    <description>FTP connection refused.</description>
-    <group>authentication_failed,access_denied,</group>
-  </rule>
-
-  <rule id="11102" level="0">
-    <if_sid>11100</if_sid>
-    <match> created </match>
-    <description>File created via FTP</description>
-  </rule>
-
-  <rule id="11103" level="0">
-    <if_sid>11100</if_sid>
-    <match> deleted </match>
-    <description>File deleted via FTP</description>
-  </rule>
-
-  <rule id="11104" level="0">
-    <if_sid>11100</if_sid>
-    <match>FTPD: IMPORT file</match>
-    <description>User uploaded a file to server.</description>
-  </rule>
-            
-  <rule id="11105" level="0">
-    <if_sid>11100</if_sid>
-    <match>FTPD: EXPORT file</match>
-    <description>User downloaded a file to server.</description>
-  </rule>
-
-  <rule id="11106" level="3">
-    <if_sid>11100</if_sid>
-    <match>FTP LOGIN FROM|connection from|connect from</match>
-    <group>connection_attempt</group>
-    <description>Remote host connected to FTP server.</description>
-  </rule>
-
-  <rule id="11107" level="5">
-    <if_sid>11100</if_sid>
-    <match>refused connect from</match>
-    <group>access_denied,</group>
-    <description>Connection blocked by Tcp Wrappers.</description>
-  </rule>
-
-  <rule id="11108" level="5">
-    <if_sid>11100</if_sid>
-    <match>warning: can't verify hostname: |gethostbyaddr: </match>
-    <description>Reverse lookup error (bad ISP config).</description>
-    <group>client_misconfig,</group>
-  </rule>
-
-  <rule id="11109" level="10">
-    <if_sid>11100</if_sid>
-    <match>repeated login failures</match>
-    <description>Multiple FTP failed login attempts.</description>
-    <group>authentication_failures,</group>
-  </rule>
-
-  <rule id="11110" level="3">
-    <if_sid>11100</if_sid>
-    <match>timed out after</match>
-    <description>User disconnected due to time out.</description>
-  </rule>
-
-  <rule id="11111" level="9">
-    <if_sid>11100</if_sid>
-    <match>PAM_ERROR_MSG: Account is disabled</match>
-    <description>Attempt to login with disabled account.</description>
-    <group>authentication_failed,</group>
-  </rule>
-
-  <rule id="11112" level="5">
-    <if_sid>11100</if_sid>
-    <match>^Failed authentication from</match>
-    <description>FTP authentication failure.</description>
-    <group>authentication_failed,</group>
-  </rule>
-
-  <rule id="11113" level="5">
-    <if_sid>11100</if_sid>
-    <regex>^login \S+ from \S+ failed</regex>
-    <description>FTP authentication failure.</description>
-    <group>authentication_failed,</group>
-  </rule>
-</group> <!-- SYSLOG,FTPD -->
-
-
-<!-- EOF -->
ossec-hids