obrisane nepotrebne datoteke od zadnjeg builda

[ossec-hids.git] / debian / ossec-hids / var / ossec / rules / pam_rules.xml

diff --git a/debian/ossec-hids/var/ossec/rules/pam_rules.xml b/debian/ossec-hids/var/ossec/rules/pam_rules.xml
deleted file mode 100644 (file)
index 87444e2..0000000
--- a/debian/ossec-hids/var/ossec/rules/pam_rules.xml
+++ /dev/null
@@ -1,117 +0,0 @@
-<!-- @(#) $Id: ./etc/rules/pam_rules.xml, 2012/07/23 dcid Exp $
-
-  -  Official Unix Pam rules for OSSEC.
-  -
-  -  Copyright (C) 2009 Trend Micro Inc.
-  -  All rights reserved.
-  -
-  -  This program is a free software; you can redistribute it
-  -  and/or modify it under the terms of the GNU General Public
-  -  License (version 2) as published by the FSF - Free Software
-  -  Foundation.
-  -
-  -  License details: http://www.ossec.net/en/licensing.html
-  -->
-
-
-<group name="pam,syslog,">
-  <rule id="5500" level="0" noalert="1">
-    <decoded_as>pam</decoded_as>
-    <description>Grouping of the pam_unix rules.</description>
-  </rule>
-  
-  <rule id="5501" level="3">
-    <if_sid>5500</if_sid>
-    <match>session opened for user </match>
-    <description>Login session opened.</description>
-    <group>authentication_success,</group>
-  </rule>
-
-  <rule id="5502" level="3">
-    <if_sid>5500</if_sid>
-    <match>session closed for user </match>
-    <description>Login session closed.</description>
-  </rule>
- 
-  <rule id="5503" level="5">
-    <if_sid>5500</if_sid>
-    <match>authentication failure; logname=</match>
-    <description>User login failed.</description>
-    <group>authentication_failed,</group>
-  </rule> 
- 
-  <rule id="5504" level="5">
-    <if_sid>5500</if_sid>
-    <match>check pass; user unknown|error retrieving information about user</match>
-    <description>Attempt to login with an invalid user.</description>
-    <group>invalid_login</group>
-  </rule> 
-
-  <!-- Ignoring Annoying Ubuntu/debian cron login events. -->
-  <rule id="5521" level="0">
-    <if_sid>5501</if_sid>
-    <program_name>^CRON$</program_name>
-    <match>^pam_unix(cron:session): session opened for user </match>
-    <description>Ignoring Annoying Ubuntu/debian cron login events.</description>
-  </rule>
-  
-  <rule id="5522" level="0">
-    <if_sid>5502</if_sid>
-    <program_name>^CRON$</program_name>
-    <match>^pam_unix(cron:session): session closed for user </match>
-    <description>Ignoring Annoying Ubuntu/debian cron login events.</description>
-  </rule>
-
-  <rule id="5523" level="0">
-    <if_sid>5504</if_sid>
-    <regex>^pam_unix\S+: check pass; user unknown$</regex>
-    <description>Ignoring events with a user or a password.</description>
-  </rule>
-
-  <rule id="5551" level="10" frequency="6" timeframe="180">
-    <if_matched_sid>5503</if_matched_sid>
-    <same_source_ip />
-    <description>Multiple failed logins in a small period of time.</description>
-    <group>authentication_failures,</group>
-  </rule>
-
-  <rule id="5552" level="0">
-    <if_sid>5500</if_sid>
-    <match>gdm:auth): conversation failed</match>
-    <description>PAM and gdm are not playing nicely.</description>
-  </rule>
-
-   <rule id="5553" level="4">
-    <program_name>login</program_name>
-    <match>cannot open shared object file: No such file or directory</match>
-    <description>PAM misconfiguration.</description>
-  </rule>
-
-  <rule id="5554" level="4">
-    <program_name>login</program_name>
-    <match>illegal module type: </match>
-    <description>PAM misconfiguration.</description>
-  </rule>
-
-  <rule id="5555" level="3">
-    <match>: password changed for</match>
-    <description>User changed password.</description>
-  </rule>
-
-  <rule id="5556" level="0">
-    <decoded_as>unix_chkpwd</decoded_as>
-    <description>unix_chkpwd grouping.</description>
-  </rule>
-
-  <rule id="5557" level="5">
-    <if_sid>5556</if_sid>
-    <match>password check failed </match>
-    <description>Password check failed.</description>
-    <group>authentication_failure</group>
-  </rule>
-
-
-</group> <!-- SYSLOG,pam -->
-
-
-<!-- EOF -->