X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fnginx.ini;fp=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fnginx.ini;h=91aa78035615be15d75b3673c9bf6edd641832f0;hp=0000000000000000000000000000000000000000;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b
diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/nginx.ini b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/nginx.ini
new file mode 100644
index 0000000..91aa780
--- /dev/null
+++ b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/nginx.ini
@@ -0,0 +1,79 @@
+; YYYY/MM/DD HH:MM:SS [LEVEL] PID:TID yadda yadda
+[Nginx messages grouped.]
+log 1 pass = 2014/12/30 06:07:37 [yadda] 80:2 yadda yadda
+
+rule = 31300
+alert = 0
+decoder = nginx-errorlog
+
+[Nginx error message.]
+log 1 pass = 2014/12/30 06:07:37 [error] 80:2 yadda yadda
+
+rule = 31301
+alert = 3
+decoder = nginx-errorlog
+
+[Nginx warning message.]
+log 1 pass = 2014/12/30 06:07:37 [warn] 80:2 yadda yadda
+
+rule = 31302
+alert = 3
+decoder = nginx-errorlog
+
+[Nginx critical message.]
+log 1 pass = 2014/12/30 06:07:37 [crit] 80:2
+
+rule = 31303
+alert = 5
+decoder = nginx-errorlog
+
+[Server returned 404 (reported in the access.log).]
+log 1 pass = 2015/01/08 11:31:23 [error] 80:2 blah blah failed (2: No such file or directory)
+log 2 pass = 2015/01/08 11:31:23 [error] 80:2 blah blah is not found (2: No such file or directory)
+
+rule = 31310
+alert = 0
+decoder = nginx-errorlog
+
+[Incomplete client request.]
+log 1 pass = 2015/01/08 11:31:23 [error] 80:2 blah blah accept() failed (53: Software caused connection abort)
+
+rule = 31311
+alert = 0
+decoder = nginx-errorlog
+
+[Initial 401 authentication request.]
+log 1 pass = 2015/01/08 11:31:23 [error] 80:2 no user/password was provided for basic authentication
+
+rule = 31312
+alert = 0
+decoder = nginx-errorlog
+
+[Web authentication failed.]
+log 1 pass = 2015/01/08 11:31:23 [error] 80:2 yadda password mismatch, client yadda
+log 2 pass = 2015/01/08 11:31:23 [error] 80:2 yadda was not found in yadda
+
+rule = 31315
+alert = 5
+decoder = nginx-errorlog
+
+# Can't yet test frequency
+;[Multiple web authentication failures.]
+;
+;rule = 31316
+;alert = 10
+;decoder = nginx-errorlog
+
+[Common cache error when files were removed.]
+log 1 pass = 2015/01/08 11:31:23 [crit] 80:2 yadda yadda failed (2: No such file or directory
+
+rule = 31317
+alert = 0
+decoder = nginx-errorlog
+
+[Invalid URI, file name too long.]
+log 1 pass = 2015/01/08 11:31:23 [error] 80:2 yadda yadda failed (36: File name too long)
+
+rule = 31320
+alert = 10
+decoder = nginx-errorlog
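Review bot: The sample for rule 31317 under `[Common cache error when files were removed.]` stops at `(2: No such file or directory` with no closing parenthesis, while the `[error]`-level samples for rule 31310 close it; unless the truncation is intended, use the full line, `log 1 pass = 2015/01/08 11:31:23 [crit] 80:2 yadda yadda failed (2: No such file or directory)`. Every case in the file is a `pass` sample, so the tests show that the alerting rules 31315 (`alert = 5`) and 31320 (`alert = 10`) fire on the expected text but not that they stay quiet on near-miss lines; a negative sample per alerting rule would catch an over-broad match, assuming the test runner supports one. The block for the frequency rule 31316 is commented out, so the repeated-authentication-failure alert has no regression coverage here and is worth tracking separately. The note `# Can't yet test frequency` uses `#` where the rest of the file uses `;` for comments; `; Can't yet test frequency` keeps the file consistent in case the parser in use accepts only one marker.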