X-Git-Url: http://ftp.carnet.hr/pub/carnet-debian/scm?a=blobdiff_plain;f=debian%2Fossec-hids%2Fvar%2Fossec%2Frules%2Flog-entries%2Faccess-control;fp=debian%2Fossec-hids%2Fvar%2Fossec%2Frules%2Flog-entries%2Faccess-control;h=a3cef5893e7b3146715a225d8055a3a9f7529de2;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=0000000000000000000000000000000000000000;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git
diff --git a/debian/ossec-hids/var/ossec/rules/log-entries/access-control b/debian/ossec-hids/var/ossec/rules/log-entries/access-control
new file mode 100644
index 0000000..a3cef58
--- /dev/null
+++ b/debian/ossec-hids/var/ossec/rules/log-entries/access-control
@@ -0,0 +1,13 @@
+# Terminal failure
+Apr 27 17:27:19 niban login(pam_unix)[1059]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty2 ruser= rhost= user=root
+Apr 27 17:27:21 niban login[1059]: FAILED LOGIN 1 FROM (null) FOR root, Authentication failure
+# ssh (pam) failure
+Apr 27 17:33:59 niban sshd(pam_unix)[9420]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=niban.sfeng.sourcefire.com user=dcid
+Apr 27 17:34:04 niban sshd(pam_unix)[9420]: 1 more authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=niban.sfeng.sourcefire.com user=dcid
+# ssh failure root
+Apr 27 17:34:26 niban sshd(pam_unix)[9425]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=niban.sfeng.sourcefire.com user=root
+
+# SSHD failed password
+Apr 27 17:34:04 niban sshd[9420]: Failed password for dcid from 10.4.12.26 port 40137 ssh2
+Apr 27 17:34:28 niban sshd[9425]: Failed password for root from 10.4.12.26 port 40138 ssh2
+
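Review bot: The three `sshd(pam_unix)` sample lines carry what looks like a real internal FQDN and account name (`rhost=niban.sfeng.sourcefire.com user=dcid`), and this file ships inside the package tree. If the samples only exist to exercise the decoders and rules, documentation values such as `rhost=host.example.com user=testuser` would match the same patterns without publishing infrastructure naming; that assumes no rule keys on the hostname, which should be confirmed first. The section headers (`# ssh failure root`, `# SSHD failed password`) also do not say which rule or decoder each sample is expected to trigger. A short expectation on each header, for example `# SSHD failed password (expected: <rule id>)`, would make the file usable as a regression fixture.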