X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=contrib%2Fossec-testing%2Ftests%2Fsshd.ini;fp=contrib%2Fossec-testing%2Ftests%2Fsshd.ini;h=e81c10c02a0f0c28c0d389d949de2c7fad53aaf7;hp=0000000000000000000000000000000000000000;hb=789cbc8e52da68eba3517b920ef22e000cf3c9fd;hpb=ef70704f0b31b59bb719b884d6a99cb9e3e2044a

diff --git a/contrib/ossec-testing/tests/sshd.ini b/contrib/ossec-testing/tests/sshd.ini
new file mode 100644
index 0000000..e81c10c
--- /dev/null
+++ b/contrib/ossec-testing/tests/sshd.ini
@@ -0,0 +1,76 @@
+[SSHD configuration error (AuthorizedKeysCommand)]
+log 1 pass = Feb  9 11:44:56 someserver sshd[1234]: error: Could not stat AuthorizedKeysCommand "/usr/local/sbin/ssh-ldap-authorized_keys": No such file or directory
+
+rule = 5739
+alert = 4
+decoder = sshd
+
+[ssh connection reset by peer]
+log 1 pass = Feb 10 23:21:05 someserver sshd[1234]: Read error from remote host 192.168.1.1: Connection reset by peer
+
+rule = 5740
+alert = 4
+decoder = sshd
+
+[ssh connection refused]
+log 1 pass = Feb 11 06:41:50 someserver sshd[1234]: debug1: channel 5: connection failed: Connection refused
+
+rule = 5741
+alert = 4
+decoder = sshd
+
+[ssh connection timed out]
+log 1 pass = Feb 12 17:45:09 someserver sshd[1234]: debug1: channel 3: connection failed: Connection timed out
+
+rule = 5742
+alert = 4
+decoder = sshd
+
+[ssh no route to host]
+log 1 pass = Jan 30 18:55:24 someserver sshd[1234]: debug1: channel 1: connection failed: No route to host
+
+rule = 5743
+alert = 4
+decoder = sshd
+
+[ssh port forwarding issue]
+log 1 pass = Feb 13 22:54:51 someserver sshd[1234]: debug1: server_input_channel_open: failure direct-tcpip
+
+rule = 5744
+alert = 4
+decoder = sshd
+
+[ssh transport endpoint is not connected]
+log 1 pass = Feb  6 12:28:17 someserver sshd[1234]: debug1: getpeername failed: Transport endpoint is not connected
+
+rule = 5745
+alert = 4
+decoder = sshd
+
+[ssh get_remote_port failed]
+log 1 pass = Feb  6 12:28:17 someserver sshd[1234]: debug1: get_remote_port failed
+
+rule = 5746
+alert = 4
+decoder = sshd
+
+[ssh bad client public DH value]
+log 1 pass = Feb  4 23:05:57 someserver sshd[1234]: Disconnecting: bad client public DH value [preauth]
+
+rule = 5747
+alert = 6
+decoder = sshd
+
+[ssh corrupted MAC on input]
+log 1 pass = Feb 14 14:34:15 someserver sshd[1234]: Corrupted MAC on input. [preauth]
+
+rule = 5748
+alert = 6
+decoder = sshd
+
+[ssh bad packet length]
+log 1 pass = Mar  4 13:34:59 someserver sshd[5396]: Bad packet length 4081586742. [preauth]
+
+rule = 5749
+alert = 4
+decoder = sshd