X-Git-Url: http://ftp.carnet.hr/pub/carnet-debian/scm?a=blobdiff_plain;ds=inline;f=debian%2Fossec-hids%2Fvar%2Fossec%2Frules%2Flog-entries%2F1401;fp=debian%2Fossec-hids%2Fvar%2Fossec%2Frules%2Flog-entries%2F1401;h=d8f33edb4d0c4236afae9c48ab12874b8f1da5b9;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=0000000000000000000000000000000000000000;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git

diff --git a/debian/ossec-hids/var/ossec/rules/log-entries/1401 b/debian/ossec-hids/var/ossec/rules/log-entries/1401
new file mode 100644
index 0000000..d8f33ed
--- /dev/null
+++ b/debian/ossec-hids/var/ossec/rules/log-entries/1401
@@ -0,0 +1,6 @@
+#Red Hat box
+Feb  1 14:39:16 nogan sudo:    test2 : 3 incorrect password attempts ; TTY=pts/4 ; PWD=/home/test2 ; USER=root ; COMMAND=/bin/ls
+#OpenBSD
+Jan 28 20:36:33 enigma sudo:     dcid : 3 incorrect password attempts ; TTY=ttyp0 ; PWD=/home/dcid ; USER=root ; COMMAND=/bin/ls
+May 26 19:40:25 enigma sudo:     dcid : 3 incorrect password attempts ; TTY=ttyp0 ; PWD=/var/www/htdocs ; USER=root ; COMMAND=/bin/ls
+