new upstream release (3.3.0); modify package compatibility for Stretch

[ossec-hids.git] / etc / rules / linux_usbdetect_rules.xml

diff --git a/etc/rules/linux_usbdetect_rules.xml b/etc/rules/linux_usbdetect_rules.xml
new file mode 100644 (file)
index 0000000..07577fc
--- /dev/null
+++ b/etc/rules/linux_usbdetect_rules.xml
@@ -0,0 +1,43 @@
+<!-- OSSEC USB-detection Rule for Linux - https://www.thomas-krenn.com/de/wiki/Ubuntu_Syslog -->
+
+<group name="linux, usb,">
+       
+  <rule id="53600" level="0">
+    <program_name>kernel</program_name>
+    <match>usb</match>
+    <description>Linux USB detection messages grouped</description>
+  </rule>
+
+       
+  <rule id="53601" level="8">
+    <if_sid>53600</if_sid>
+    <match>New USB device found</match>
+    <description>A new USB device was found by the system</description>
+    <group>linux,</group>
+  </rule>
+
+       
+  <rule id="53602" level="8">
+    <if_sid>53600</if_sid>
+    <match>new low-speed USB device</match>
+    <description>New Low-Speed USB Device was connected.</description>
+    <group>linux,</group>
+  </rule>
+
+
+  <rule id="53603" level="8">
+    <if_sid>53600</if_sid>
+    <match>new high-speed USB device</match>
+    <description>New High-Speed USB Device was connected</description>
+    <group>linux,</group>
+  </rule>
+
+       
+  <rule id="53604" level="3">
+    <if_sid>53600</if_sid>
+    <match>USB disconnect</match>
+    <description>USB device was disconnected</description>
+    <group>linux,</group>
+  </rule>
+
+</group>