X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fopenbsd-httpd.ini;fp=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fopenbsd-httpd.ini;h=5bbdd19aee134e48d305bac1495c12bacd5ffd3b;hp=0000000000000000000000000000000000000000;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b

diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/openbsd-httpd.ini b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/openbsd-httpd.ini
new file mode 100644
index 0000000..5bbdd19
--- /dev/null
+++ b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/openbsd-httpd.ini
@@ -0,0 +1,14 @@
+[access]
+log 1 pass = wafflelab.online 192.168.18.8 - - [08/Jul/2018:00:29:48 -0400] "GET / HTTP/1.0" 302 0
+log 2 pass = wafflelab.online 192.168.18.8 - - [08/Jul/2018:00:32:57 -0400] "GET /nmaplowercheck1531024375 HTTP/1.1" 302 0
+rule = 31100
+alert = 0
+decoder = openbsd-httpd
+
+[POST]
+log 1 pass = www.wafflelab.online 192.168.18.8 - - [08/Jul/2018:00:33:13 -0400] "POST /sdk HTTP/1.1" 404 0
+
+rule = 31530
+alert = 3
+decoder = openbsd-httpd
+