Imported Upstream version 2.5.1
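--- a/etc/rules/ftpd_rules.xml
+++ b/etc/rules/ftpd_rules.xml
@@ -1,4 +1,4 @@
-<!-- @(#) $Id: ftpd_rules.xml,v 1.6 2008/08/05 18:54:23 dcid Exp $
+<!-- @(#) $Id$
 - Official ftpd rules for OSSEC.
 - Author: Ahmet Ozturk
 - License: http://www.ossec.net/en/licensing.html
@@ -89,6 +89,13 @@
 <description>FTP authentication failure.</description>
 <group>authentication_failed,</group>
 </rule>
+
+ <rule id="11113" level="5">
+ <if_sid>11100</if_sid>
+ <regex>^login \S+ from \S+ failed</regex>
+ <description>FTP authentication failure.</description>
+ <group>authentication_failed,</group>
+ </rule>
 </group> <!-- SYSLOG,FTPD -->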
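Review bot: The new rule 11113 reuses the description `FTP authentication failure.` already carried by the rule that closes just above it in the context lines, and nothing in the hunk says which FTP daemon or log format `^login \S+ from \S+ failed` is written for, so an analyst cannot tell the two alerts apart or test the pattern. I would add a comment above the rule such as `<!-- Sample: <log line from the daemon that emits this format> -->` and make the description name that format. Both `\S+` fields are taken from the log line and the first is presumably the client-supplied user name; if that daemon logs names containing whitespace the rule will not fire for them, which is worth confirming against a real sample. Whether these failures feed any repeated-failure rule in this file depends on whether that rule keys on the `authentication_failed` group or on specific rule ids, which lies outside the hunk.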