pure-ftpd_rules_sv.xml

/rules/translated/pure_ftpd/pure-ftpd_rules_sv.xml

https://bitbucket.org/oscarschneider/ossec-rules
XML | 69 lines | 49 code | 13 blank | 7 comment | 0 complexity | 381e32a315dd93be504e14ee2b8893e6 MD5 | raw file
 1<!-- @(#) $Id: pure-ftpd_rules_sv.xml,v 1.1 2008/04/10 18:47:42 dcid Exp $
 2  -  Official pure-ftpd rules for OSSEC.
 3  -  Author: Peter Ahlert <peter@ifup.de>
 4  -  Author: Daniel B. Cid
 5  -  License: http://www.ossec.net/en/licensing.html
 6  -->
 7      
 8
 9<group name="syslog,pure-ftpd,">
10  <rule id="11300" level="0">
11    <decoded_as>pure-ftpd</decoded_as>
12    <description>Grouping for the pure-ftpd rules.</description>
13  </rule>
14  
15  <rule id="11301" level="3">
16    <if_sid>11300</if_sid>
17    <match>[INFO] Nyanslutning fr�n</match>
18    <description>New FTP connection.</description>
19    <group>connection_attempt,</group>
20  </rule>
21
22  <rule id="11302" level="5">
23    <if_sid>11300</if_sid>
24    <match>[WARNING] Beh�righetskontroll misslyckas f�r anv�ndare</match>
25    <description>FTP Authentication failed.</description>
26    <group>authentication_failed,</group>
27  </rule>
28
29  <rule id="11303" level="0">
30    <if_sid>11300</if_sid>
31    <match> [INFO] Logout| [INFO] Timeout</match>
32    <description>FTP user logout/timeout</description>
33  </rule>
34  
35  <rule id="11304" level="0">
36    <if_sid>11300</if_sid>
37    <match> [NOTICE] </match>
38    <description>FTP notice messages</description>
39  </rule>
40  
41  <rule id="11305" level="5">
42    <if_sid>11300</if_sid>
43    <match>[INFO] Kan ej �ndra bibliotek till</match>
44    <description>Attempt to access invalid directory</description>
45  </rule>  
46
47  <rule id="11306" level="10" frequency="6" timeframe="3600">
48    <if_matched_sid>11302</if_matched_sid>
49    <description>FTP brute force (multiple failed logins).</description>
50    <group>authentication_failures,</group>
51  </rule>
52
53  <rule id="11307" level="10" frequency="6" timeframe="60">
54    <if_matched_sid>11301</if_matched_sid>
55    <same_source_ip />
56    <description>Multiple connection attempts from same source.</description>
57    <group>recon,</group>
58  </rule>
59
60  <rule id="11309" level="3">
61    <match>[INFO] \S+ har loggat in</match>
62    <description>FTP Authentication success.</description>
63    <group>authentication_success,</group>
64  </rule>  
65
66</group> <!-- SYSLOG,PURE-FTPD -->
67
68
69<!-- EOF -->