-<!-- @(#) $Id: attack_rules.xml,v 1.18 2009/06/24 17:06:19 dcid Exp $
+<!-- @(#) $Id: ./etc/rules/attack_rules.xml, 2011/09/08 dcid Exp $
+
- Official "attack" correlation rules for OSSEC.
-
- Copyright (C) 2009 Trend Micro Inc.
-
- This program is a free software; you can redistribute it
- and/or modify it under the terms of the GNU General Public
- - License (version 3) as published by the FSF - Free Software
+ - License (version 2) as published by the FSF - Free Software
- Foundation.
-
- License details: http://www.ossec.net/en/licensing.html
<rule id="40107" level="14">
<regex>cachefsd: Segmentation Fault - core dumped</regex>
<description>Heap overflow in the Solaris cachefsd service.</description>
- <cve>2002-0033</cve>
+ <info type='cve'>2002-0033</info>
<group>exploit_attempt,</group>
</rule>
<match>attempt to execute code on stack by</match>
<description>Stack overflow attempt or program exiting </description>
<description>with SEGV (Solaris).</description>
- <info>http://snap.nlc.dcccd.edu/reference/sysadmin/julian/ch18/389-392.html</info>
+ <info type="link">http://snap.nlc.dcccd.edu/reference/sysadmin/julian/ch18/389-392.html</info>
<group>exploit_attempt,</group>
</rule>
-<!-- Privilege scalation messages -->
+<!-- Privilege escalation messages -->
<group name="syslog,elevation_of_privilege,">
<rule id="40501" level="15" timeframe="300" frequency="2">
<if_group>adduser</if_group>
<if_matched_group>connection_attempt</if_matched_group>
<description>Network scan from same source ip.</description>
<same_source_ip />
- <info>http://project.honeynet.org/papers/enemy2/</info>
+ <info type="link">http://project.honeynet.org/papers/enemy2/</info>
</rule>
</group> <!-- SYSLOG,SCANS -->
projects / ossec-hids.git / blobdiff