-<!-- @(#) $Id: sshd_rules.xml,v 1.22 2009/11/09 20:18:52 dcid Exp $
+<!-- @(#) $Id$
- Official SSHD rules for OSSEC.
-
- Copyright (C) 2009 Trend Micro Inc.
-
- This program is a free software; you can redistribute it
- and/or modify it under the terms of the GNU General Public
- - License (version 3) as published by the FSF - Free Software
+ - License (version 2) as published by the FSF - Free Software
- Foundation.
-
- License details: http://www.ossec.net/en/licensing.html
<rule id="5709" level="0">
<if_sid>5700</if_sid>
<match>error: Could not get shadow information for NOUSER|</match>
- <match>fatal: Read from socket failed: |error: ssh_msg_send: write</match>
+ <match>fatal: Read from socket failed: |error: ssh_msg_send: write|</match>
+ <match>^syslogin_perform_logout: </match>
<description>Useless SSHD message without an user/ip and context.</description>
</rule>
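Review bot: The pattern in rule 5709 now relies on every `<match>` line except the last ending in `|`, because OSSEC joins consecutive `<match>` elements into a single pattern. A later edit that appends a line without the separator would fuse two alternatives, and the rule would stop matching both. A comment above the first `<match>` would make the convention explicit: `<!-- <match> lines are concatenated; every line except the last must end with "|" -->`. Since this is a level 0 rule, each alternative removes messages from alerting, and the older alternatives are unanchored substrings that can also match inside fields filled from remote input. If those messages always begin the decoded log line, anchoring them with `^` like the new `^syslogin_perform_logout: ` entry would keep the suppression narrow.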
<if_matched_sid>5713</if_matched_sid>
<match>Local: crc32 compensation attack</match>
<description>SSH CRC-32 Compensation attack</description>
- <cve>2001-0144</cve>
- <info>http://www.securityfocus.com/bid/2347/info/</info>
+ <info type="cve">2001-0144</info>
+ <info type="link">http://www.securityfocus.com/bid/2347/info/</info>
<group>exploit_attempt,</group>
</rule>
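Review bot: Whether the CVE reference still reaches alerts depends on the engine that loads this file understanding the `type` attribute on `<info type="cve">2001-0144</info>`, and nothing in the hunk shows that. An engine that predates the attribute would presumably treat the value as plain info text or reject the rule, so the change should be tested against the oldest supported engine. A header comment line such as `- Requires an analysis engine that supports <info type="...">.` would record the dependency. The rule's opening tag and its correlation settings are outside the hunk, so the rest of the rule was not reviewed.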