+++ /dev/null
- <!-- Copyright 2010 Dan Parriott (ddpbsd@gmail.com)
- - This program is a free software; you can redistribute it
- - and/or modify it under the terms of the GNU General Public
- - License (version 2) as published by the FSF - Free Software
- - Foundation.
- -
- - License details: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
- -->
-
-<group name="syslog,unbound,">
-
- <rule id="53760" level="0">
- <decoded_as>unbound</decoded_as>
- <description>Unbound grouping.</description>
- </rule>
-
- <rule id="53761" level="1">
- <if_sid>53760</if_sid>
- <match> notice: </match>
- <description>Notice grouping.</description>
- </rule>
-
- <rule id="53762" level="1">
- <if_sid>53760</if_sid>
- <match> info: </match>
- <description>Info grouping.</description>
- </rule>
-
- <rule id="53770" level="2">
- <if_sid>53761</if_sid>
- <match>sendto failed: Can't assign requested address</match>
- <description>Can't assign requested address.</description>
- </rule>
-
- <rule id="53771" level="0">
- <if_sid>53762</if_sid>
- <match> A IN$</match>
- <description>DNS A request.</description>
- </rule>
-
- <rule id="53772" level="0">
- <if_sid>53762</if_sid>
- <match> AAAA IN$</match>
- <description>DNS AAAA request.</description>
- </rule>
-
- <rule id="53773" level="7">
- <if_sid>53771,53772</if_sid>
- <url>.top.|.to.|.gq.|.cf.|.men.|.loan.|.ml.|.work.|.click.|.tk.|.country.|.pw.|.party.|.trade.|.review.|.club.|.bid.|.country.|.stream.|.download.|.xin.|.gdn.|.racing.|.jetzt.|.win.|.vip.|.ren.|.kim.|.mom.|.date.|.wang.|.accountants.|.science.|.work.|.ninja.|.xyz.|.faith.|.zip.|.racing.|.cricket.|.space.|.realtor.|.christmas.|.gdn.|.pro.</url>
- <description>Maybe critical URL requested</description>
- </rule>
-
-</group>
projects / ossec-hids.git / blobdiff