<!-- @(#) $Id: ./etc/rules/roundcube_rules.xml, 2011/09/08 dcid Exp $
  -  Official Roundcube rules for OSSEC.
  -
  -  Author: Michael Starks
  -
  -  This program is a free software; you can redistribute it
  -  and/or modify it under the terms of the GNU General Public
  -  License (version 3) as published by the FSF - Free Software
  -  Foundation.
  -
  -  License details: http://www.ossec.net/en/licensing.html
  -->
15 <group name="syslog,roundcube,">
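<!-- Anchor rule: selects every event that was handled by the "roundcube"
     decoder. Level 0 raises no alert by itself; the rule gives more
     specific rules an id to reference, so that they are only evaluated
     for Roundcube events. -->
<rule id="9400" level="0">
  <decoded_as>roundcube</decoded_as>
  <description>Roundcube messages grouped.</description>
</rule>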
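<!-- Failed Roundcube login (level 6, group authentication_failed).
     The if_sid line is restored: the listing skips a line at this position,
     and without a parent constraint the generic phrases in match would be
     tested against events from every decoder, not only Roundcube.
     Confirm against the installed rules file.
     The alternatives in match are separated by "|"; their leading and
     trailing spaces are reproduced exactly as listed. -->
<rule id="9401" level="6">
  <if_sid>9400</if_sid>
  <match>failed (LOGIN)| Login failed | Authentication failed| Failed login </match>
  <description>Roundcube authentication failed.</description>
  <group>authentication_failed,</group>
</rule>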
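<!-- Successful Roundcube login (level 3, group authentication_success).
     The if_sid line is restored: the listing skips a line at this position,
     and without it "Successful login" in any other application's log would
     be reported as a Roundcube login. Confirm against the installed rules
     file.
     Low severity on its own; the event is mainly useful for correlation,
     for example a success that follows a run of failures for the same
     account. -->
<rule id="9402" level="3">
  <if_sid>9400</if_sid>
  <match>Successful login</match>
  <description>Roundcube authentication succeeded.</description>
  <group>authentication_success,</group>
</rule>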
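<!-- Brute-force correlation: repeated matches of rule 9401 (failed login)
     inside a 120-second timeframe raise a level 10 alert.
     OSSEC's rules documentation notes that a frequency rule fires after
     frequency + 2 matches, so frequency="6" may correspond to the eighth
     failure; verify on the deployed version before tuning.
     same_source_ip is restored (the listing skips a line between
     if_matched_sid and description). It keeps the count per client address,
     so failures from unrelated users are not added together and an active
     response bound to this rule acts on the address that produced the
     failures. It depends on the roundcube decoder extracting srcip.
     Confirm against the installed rules file. -->
<rule id="9403" level="10" frequency="6" timeframe="120">
  <if_matched_sid>9401</if_matched_sid>
  <same_source_ip />
  <description>Roundcube brute force (multiple failed logins).</description>
  <group>authentication_failures,</group>
</rule>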