X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=contrib%2Fossec-testing%2Ftests%2Frsh.ini;fp=contrib%2Fossec-testing%2Ftests%2Frsh.ini;h=9804df0c19174a1d2db29f984360e06970340606;hp=0000000000000000000000000000000000000000;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b
diff --git a/contrib/ossec-testing/tests/rsh.ini b/contrib/ossec-testing/tests/rsh.ini
new file mode 100644
index 0000000..9804df0
--- /dev/null
+++ b/contrib/ossec-testing/tests/rsh.ini
@@ -0,0 +1,8 @@
+[rshd: illegal]
+log 1 pass = Dec 17 10:49:23 hostname rshd[347339]: Connection from 10.217.223.31 on illegal port
+log 2 fail = Dec 17 10:49:23 hostname rhsd[347339]: Connection from 10.217.223.31 on illegal port
+
+rule = 2551
+alert = 10
+decoder = rshd
+
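Review bot: The negative case `log 2 fail` differs from the passing line only by the transposed program name `rhsd`, which reads like a typo rather than an intentional non-matching sample. If the test runner's ini parser accepts comment lines, a line such as `; log 2: program name deliberately misspelled (rhsd) so the rshd decoder must not match` placed above it would make the intent explicit. The section also exercises only a program-name mismatch; a further fail line that comes from a genuine `rshd` process but carries a different message would confirm that rule 2551 keys on the "illegal port" text and does not raise a level 10 alert for unrelated rshd events.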