projects / ossec-hids.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
new upstream release (3.3.0); modify package compatibility for Stretch
[ossec-hids.git] / debian / ossec-hids / var / ossec / rules / wordpress_rules.xml
diff --git a/debian/ossec-hids/var/ossec/rules/wordpress_rules.xml b/debian/ossec-hids/var/ossec/rules/wordpress_rules.xml
new file mode 100644 (file)
index 0000000..edbb837
--- /dev/null
+++ b/debian/ossec-hids/var/ossec/rules/wordpress_rules.xml
@@ -0,0 +1,69 @@
+<!-- @(#) $Id: ./etc/rules/wordpress_rules.xml, 2011/09/08 dcid Exp $
+
+  -  Official Wordpress rules for OSSEC.
+  -
+  -  Author: Daniel B. Cid
+  -
+  -  This program is a free software; you can redistribute it
+  -  and/or modify it under the terms of the GNU General Public
+  -  License (version 3) as published by the FSF - Free Software
+  -  Foundation.
+  -
+  -  License details: http://www.ossec.net/en/licensing.html
+  -->
+
+<group name="syslog,wordpress,"> 
+  <rule id="9500" level="0">
+    <decoded_as>wordpress</decoded_as>
+    <description>Wordpress messages grouped.</description>
+  </rule>
+   
+  <rule id="9501" level="5">
+    <if_sid>9500</if_sid>
+    <match>User authentication failed</match>
+    <description>Wordpress authentication failed.</description>
+    <group>authentication_failed,</group>
+  </rule>
+       
+  <rule id="9502" level="3">
+    <if_sid>9500</if_sid>
+    <match>User logged in</match>
+    <description>Wordpress authentication succeeded.</description>
+    <group>authentication_success,</group>
+  </rule> 
+
+  <rule id="9503" level="3">
+    <if_sid>9500</if_sid>
+    <match>WPsyslog was successfully initiali</match>
+    <description>WPsyslog was successfully initialized.</description>
+  </rule> 
+
+  <rule id="9504" level="3">
+    <if_sid>9500</if_sid>
+    <match>Plugin deactivated</match>
+    <description>Wordpress plugin deactivated.</description>
+  </rule> 
+
+  <rule id="9505" level="7">
+    <if_sid>9500</if_sid>
+    <match>Warning: Comment flood attempt</match>
+    <description>Wordpress Comment Flood Attempt.</description>
+  </rule>
+
+  <rule id="9510" level="7">
+    <if_sid>9500</if_sid>
+    <match>Warning: IDS:</match>
+    <description>Attack against Wordpress detected.</description>
+  </rule> 
+
+  <rule id="9551" level="10">
+    <if_matched_sid>9501</if_matched_sid>
+    <same_source_ip />
+    <description>Multiple wordpress authentication failures.</description> 
+    <group>authentication_failures,</group>
+  </rule>
+
+</group>
+  
+
+<!-- EOF -->
ossec-hids