new upstream release (3.3.0); modify package compatibility for Stretch
diff --git a/debian/ossec-hids/var/ossec/rules/last_rootlogin_rules.xml b/debian/ossec-hids/var/ossec/rules/last_rootlogin_rules.xml
new file mode 100644 (file)
index 0000000..f9358ae
--- /dev/null
@@ -0,0 +1,13 @@
+<!-- Rules for detecting sensitive users in last logged in users list -->
+<!-- Set level 3 or higher at rule 535 in ossec_rules.xml and comment out <options>no_log</options> to get this working -->
+
+
+<group name="access-control,">
+
+  <rule id="25000" level="7">
+    <if_sid>535</if_sid>
+    <match>root|reboot|admin|superuser|administrator|supervisor|toor</match>
+    <description>sensitive login detected</description>
+  </rule>
+
+</group>
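Review bot: The `<match>` in rule 25000 is an unanchored substring alternation, so it fires at level 7 on any occurrence of these strings in the rule 535 event, not only on a user-name column. Account names such as `sysadmin` or a remote host name containing `root` would match, and `administrator` is redundant because `admin` already covers it. If rule 535 carries `last` output, as the header comment implies, the `reboot` pseudo-user entry will also raise this alert for as long as a boot record stays in the list. Consider moving `reboot` into its own lower-level rule and tightening the rest, for example `<match>root |admin |superuser |supervisor |toor </match>`, so that a token must be followed by whitespace. A comment should also state that the match is deliberately broad and expected to be tuned per site, and the description could name the source, e.g. `<description>Sensitive account name in last-logged-in users list</description>`.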