X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fdoas.ini;fp=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fdoas.ini;h=db1d04a0a780d68290edc0903d4dc3413b6eadb6;hp=0000000000000000000000000000000000000000;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b
diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/doas.ini b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/doas.ini
new file mode 100644
index 0000000..db1d04a
--- /dev/null
+++ b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/doas.ini
@@ -0,0 +1,28 @@
+[failed command]
+log 1 fail = Apr 13 08:49:20 ix doas: failed command for ddp2: ls
+
+rule = 51554
+alert = 5
+decoder = doas
+
+[command run as root]
+log 1 fail = Mar 22 07:21:58 ix doas: ddp ran command /bin/ksh as root from /data/ddp/projects/git/sysconf/ossec/rules
+
+rule = 51556
+alert = 2
+decoder = doas
+
+[failed auth]
+log 1 fail = Feb 29 14:58:39 ix doas: failed auth for ddp
+
+rule = 51557
+alert = 5
+decoder = doas
+
+[doas command run]
+log 1 fail = Aug 13 15:16:40 ix doas: ddp ran command as ddpnfs: ls
+
+rule = 51555
+alert = 1
+decoder = doas
+
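Review bot: Every sample in all four sections is keyed `log 1 fail`, including lines that read like they should fire the listed rule (for example `failed auth for ddp` under rule 51557 and `failed command for ddp2: ls` under rule 51554). If the test runner takes the `pass`/`fail` suffix as the expected outcome, which the key name suggests but this hunk does not show, each section is a negative assertion and would still succeed if the doas decoder or these rules stopped matching, so a regression in privilege-escalation detection would go unnoticed. Confirm against the runner and, if that is the case, key the matching samples as `log 1 pass = ...`. It would also be worth adding a second, near-miss line per section that must not match, so an over-broad rule is caught too.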