X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fcisco_ios.ini;fp=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fcisco_ios.ini;h=e4a7a1e044af99aaa28214f63f775971c8b95d89;hp=0000000000000000000000000000000000000000;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b

diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/cisco_ios.ini b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/cisco_ios.ini
new file mode 100644
index 0000000..e4a7a1e
--- /dev/null
+++ b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/cisco_ios.ini
@@ -0,0 +1,21 @@
+[cisco ios ids: sig]
+log 1 pass = Sep  1 10:25:29 10.10.10.1 %IPS-4-SIGNATURE: Sig:3051 Subsig:1 Sev:4 TCP Connection Window Size DoS [192.168.100.11:51654 -> 10.10.10.10:4444]
+log 2 pass = Sep  1 10:25:29 10.10.10.1 %IPS-4-SIGNATURE: Sig:3051 Subsig:1 Sev:4 TCP Connection Window Size DoS [192.168.100.11:60797 -> 10.10.10.10:80]
+log 3 pass = Sep  1 10:25:29 10.10.10.1 %IPS-4-SIGNATURE: Sig:5123 Subsig:2 Sev:5 WWW IIS Internet Printing Overflow [192.168.100.11:60797 -> 10.10.10.10:80]
+
+
+rule = 20100
+alert = 8
+decoder = cisco-ios
+
+
+[cisco ios: acl ]
+log 1 pass = Sep  1 10:25:29 10.10.10.1 %SEC-6-IPACCESSLOGP: list 102 denied tcp 10.0.6.56(3067) -> 172.36.4.7(139), 1 packet
+log 2 pass = Sep  1 10:25:29 10.10.10.1 %SEC-6-IPACCESSLOGP: list 199 denied tcp 10.0.61.108(1477) -> 10.0.127.20(445), 1 packet
+
+
+rule = 4100
+alert = 0
+decoder = cisco-ios
+
+