X-Git-Url: http://ftp.carnet.hr/pub/carnet-debian/scm?a=blobdiff_plain;f=debian%2Fossec-hids%2Fvar%2Fossec%2Frules%2Fsquid_rules.xml;fp=debian%2Fossec-hids%2Fvar%2Fossec%2Frules%2Fsquid_rules.xml;h=0000000000000000000000000000000000000000;hb=946517cefb8751a43a89bda4220221f065f4e5d1;hp=d74ef2ebf11de9a3177a3b393530b79c9c46c19d;hpb=3f728675941dc69d4e544d3a880a56240a6e394a;p=ossec-hids.git
diff --git a/debian/ossec-hids/var/ossec/rules/squid_rules.xml b/debian/ossec-hids/var/ossec/rules/squid_rules.xml
deleted file mode 100644
index d74ef2e..0000000
--- a/debian/ossec-hids/var/ossec/rules/squid_rules.xml
+++ /dev/null
@@ -1,212 +0,0 @@
-
-
-
-
-
-
-
-8
-
-
-
-
- squid
- Squid messages grouped.
-
-
-
-
-
- 35000
- ^4|^5|^6
- Squid generic error codes.
-
-
-
- 35002
- ^400
- Bad request/Invalid syntax.
-
-
-
- 35002
- ^401
- Unauthorized: Failed attempt to access
- authorization-required file or directory.
-
-
-
- 35002
- ^403
- Forbidden: Attempt to access forbidden file
- or directory.
-
-
-
- 35002
- ^404
- Not Found: Attempt to access non-existent
- file or directory.
-
-
-
- 35002
- ^407
- Proxy Authentication Required: User is not
- authorized to use proxy.
-
-
-
- 35002
- ^4
- Squid 400 error code (request failed).
-
-
-
- 35002
- ^5|^6
- Squid 500/600 error code (server error).
-
-
-
- 35009
- ^503
- Squid 503 error code (server unavailable).
-
-
-
-
- 35006
- blst.php|xxx3.php|ngr7.php|ngr2.php|/nul.php$|/mul.php$|/444.php
- Attempt to access a Beagle worm (or variant)
- file.
- http://www.symantec.com/avcenter/venc/data/w32.beagle.dp.html
- W32.Beagle.DP is a Worm that drops Trojan.Lodear and opens a back door on the compromised computer.
- automatic_attack,
-
-
-
-
- 35006
- /jk/exp.wmf$|/PopupSh.ocx$
- Attempt to access a worm/trojan related site.
- automatic_attack,
-
-
-
-
- 35004, 35005, 35006, 35009
- .jpg|.gif|favicon.ico$|.png$|.swf|.txt$|.zip|.css|.xml|.js|.bmp$|
- windowsupdate/redir/wuredir.cab|
- ^http://codecs.microsoft.com/isapi/ocget.dll|
- ^http://activex.microsoft.com/objects/ocget.dll|
- ^http://webmessenger.msn.com/session/null|
- ^http://sqm.msn.com/sqm/wmp/sqmserver.dll|
- ^http://config.messenger.msn.com/Config/MsgrConfig.asmx|
- kaspersky-labs.com/|
- ^http://liveupdate.symantecliveupdate.com/|
- _vti_bin/owssvr.dll|MSOffice/cltreq.asp|
- google.com/mt?|
- google.com/kh?|
- ^http://kh.google.com/flatfile
-
-
-
- Ignored files on a 40x error.
-
-
-
-
- 35005
-
-
- Multiple attempts to access forbidden file
- or directory from same source ip.
-
-
-
- 35007
-
- Multiple unauthorized attempts to use proxy.
-
-
-
- 35003
-
-
- Multiple Bad requests/Invalid syntax.
-
-
-
- 35021
-
- Infected machine with W32.Beagle.DP.
- http://www.symantec.com/avcenter/venc/data/w32.beagle.dp.html
- W32.Beagle.DP is a Worm that drops Trojan.Lodear and opens a back door on the compromised computer.
-
-
-
- 35006
-
-
- Multiple attempts to access a non-existent file.
-
-
-
- 35022
-
- Multiple attempts to access a worm/trojan/virus
- related web site. System probably infected.
-
-
-
- 35008
-
-
- Multiple 400 error codes (requests failed).
-
-
-
- 35009
-
-
- Multiple 500/600 error codes (server error).
-
-
-
- 35055
-
- Ignoring multiple attempts from same source ip
- (alert only once).
-
-
-
-
-
-
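Review bot: The whole-file deletion in this hunk (`@@ -1,212 +0,0 @@`) drops the grouping rule "Squid messages grouped." together with every rule chained from it, including the correlation rules near the end of the file ("Multiple attempts to access forbidden file or directory from same source ip.", "Infected machine with W32.Beagle.DP.", "Multiple attempts to access a worm/trojan/virus related web site. System probably infected."). Nothing visible in the diff shows a replacement file or a matching change to whatever configuration loads the rules. Before merging, confirm that no packaged configuration still lists `squid_rules.xml` as a rule file, and that no other rule file uses the IDs visible here (35002, 35006, 35021, 35022, 35055 and the others) as a parent, since those references would be left dangling. The path `debian/ossec-hids/var/ossec/rules/` also looks like a package staging tree rather than the upstream rules directory. If this is cleanup of generated build output, the commit message should say so. If the Squid ruleset is being retired, it should say where proxy access-log detections are expected to come from instead.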