X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fapache.ini;fp=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fapache.ini;h=0000000000000000000000000000000000000000;hp=1fd79a6cdee14c184229b864fbdf807e1b91009a;hb=946517cefb8751a43a89bda4220221f065f4e5d1;hpb=3f728675941dc69d4e544d3a880a56240a6e394a diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/apache.ini b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/apache.ini deleted file mode 100644 index 1fd79a6..0000000 --- a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/apache.ini +++ /dev/null @@ -1,81 +0,0 @@ -[Attempt to access forbidden directory index.] -log 1 pass = [error] [client 80.230.208.105] Directory index forbidden by rule: /home/ -rule = 30106 -alert = 5 -decoder = apache-errorlog - -[Code Red attack] -log 1 pass = [error] [client 64.94.163.159] Client sent malformed Host header -rule = 30107 -alert = 6 -decoder = apache-errorlog - -[Attempt to access an non-existent file] -log 1 pass = [error] [client 66.31.142.16] File does not exist: /var/www/html/default.ida -rule = 30112 -alert = 0 -decoder = apache-errorlog - -[Apache notice messages grouped] -log 1 pass = [notice] Apache configured -rule = 30103 -alert = 0 -decoder = apache-errorlog - -[Apache 2.2 error messages grouped] -log 1 pass = [Fri Dec 13 06:59:54 2013] [error] [client 12.34.65.78] PHP Notice: -rule = 30101 -alert = 0 -decoder = apache-errorlog - -[Apache 2.4 error messages grouped] -log 1 pass = [Tue Sep 30 11:30:13.262255 2014] [core:error] [pid 20101] [client 99.47.227.95:34567] AH00037: Symbolic link not allowed or link target not accessible: /usr/share/awstats/icon/mime/document.png -log 2 pass = [Tue Sep 30 12:11:21.258612 2014] [ssl:error] [pid 30473] AH02032: Hostname www.example.com provided via SNI and hostname ssl://www.example.com provided via HTTP are different -rule = 30301 -alert = 0 -decoder = apache-errorlog - -[Apache 2.4 warn messages grouped] -log 1 pass = [Tue Sep 30 12:24:22.891366 2014] [proxy:warn] [pid 2331] [client 77.127.180.111:54082] AH01136: Unescaped URL path matched ProxyPass; ignoring unsafe nocanon, referer: http://www.easylinker.co.il/he/links.aspx?user=bguyb -rule = 30302 -alert = 0 -decoder = apache-errorlog - -[Attempt to access forbidden file or directory] -log 1 pass = [Tue Sep 30 14:25:44.895897 2014] [authz_core:error] [pid 31858] [client 99.47.227.95:38870] AH01630: client denied by server configuration: /var/www/example.com/docroot/ -rule = 30305 -alert = 5 -decoder = apache-errorlog - -[Apache messages grouped] -log 1 pass = [Thu Oct 23 15:17:55.926067 2014] [ssl:info] [pid 18838] [client 36.226.119.49:2359] AH02008: SSL library error 1 in handshake (server www.example.com:443) -log 2 pass = [Thu Oct 23 15:17:55.926123 2014] [ssl:info] [pid 18838] SSL Library Error: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request -- speaking HTTP to HTTPS port!? -rule = 30100 -alert = 0 -decoder = apache-errorlog - -[PHP Notices in Apache 2.4 errorlog] -log 1 pass = [Sun Nov 23 18:49:01.713508 2014] [:error] [pid 15816] [client 141.8.147.9:51507] PHP Notice: A non well formed numeric value encountered in /path/to/file.php on line 123 -rule = 30318 -alert = 5 -decoder = apache-errorlog - -[auth fail] -log 1 pass = [Tue Feb 07 08:50:22.679122 2017] [auth_basic:error] [pid 14446] [client 10.101.1.50:33168] AH01617: user pupkin: authentication failure for "/secret/": Password Mismatch -rule = 30308 -alert = 5 -decoder = apache-errorlog - -[script 404] -log 1 pass = [Tue Feb 07 02:43:19.799723 2017] [cgi:error] [pid 9721] [client 10.101.1.50:44324] AH02811: script not found or unable to stat: /var/www/html/showmail.pl -rule = 30321 -alert = 2 -decoder = apache-errorlog - -[permission denied] -log 1 pass = [Thu Feb 02 01:44:27.699327 2017] [access_compat:error] [pid 7934] [client ::1:50058] AH01797: client denied by server configuration: /var/www/html/' -log 2 pass = [Thu Feb 02 00:59:02.285651 2017] [core:error] [pid 20009] (13)Permission denied: [client ::1:49934] AH00132: file permissions deny server access: /var/www/html/1 -rule = 30320 -alert = 2 -decoder = apache-errorlog -