/rules/translated/pure_ftpd/pure-ftpd_rules_sv.xml
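<!-- @(#) $Id: pure-ftpd_rules_sv.xml,v 1.1 2008/04/10 18:47:42 dcid Exp $
  -  Official pure-ftpd rules for OSSEC.
  -  Author: Peter Ahlert <peter@ifup.de>
  -  Author: Daniel B. Cid
  -  License: http://www.ossec.net/en/licensing.html
  -->

<!-- Swedish-locale variant of the pure-ftpd rules.
  -  The non-ASCII message strings below must be stored in the same byte
  -  encoding that pure-ftpd writes to syslog (this file carries no encoding
  -  declaration). A mismatch makes those rules silently stop matching, so
  -  verify each one with ossec-logtest against a real log line.
  -->

<group name="syslog,pure-ftpd,">
  <!-- Parent rule: every event decoded as pure-ftpd lands here first.
    -  Level 0 means it never alerts on its own. -->
  <rule id="11300" level="0">
    <decoded_as>pure-ftpd</decoded_as>
    <description>Grouping for the pure-ftpd rules.</description>
  </rule>

  <!-- New control connection; feeds the rate rule 11307. -->
  <rule id="11301" level="3">
    <if_sid>11300</if_sid>
    <match>[INFO] Nyanslutning från</match>
    <description>New FTP connection.</description>
    <group>connection_attempt,</group>
  </rule>

  <!-- Single failed login; feeds the brute-force rule 11306. -->
  <rule id="11302" level="5">
    <if_sid>11300</if_sid>
    <match>[WARNING] Behörighetskontroll misslyckas för användare</match>
    <description>FTP Authentication failed.</description>
    <group>authentication_failed,</group>
  </rule>

  <!-- Routine session end, kept at level 0 so it does not alert.
    -  NOTE(review): these are the English strings; confirm that the
    -  Swedish build of pure-ftpd logs them unchanged. -->
  <rule id="11303" level="0">
    <if_sid>11300</if_sid>
    <match> [INFO] Logout| [INFO] Timeout</match>
    <description>FTP user logout/timeout</description>
  </rule>

  <!-- Notice-severity messages, kept at level 0 so they do not alert. -->
  <rule id="11304" level="0">
    <if_sid>11300</if_sid>
    <match> [NOTICE] </match>
    <description>FTP notice messages</description>
  </rule>

  <!-- Failed change of directory. -->
  <rule id="11305" level="5">
    <if_sid>11300</if_sid>
    <match>[INFO] Kan ej ändra bibliotek till</match>
    <description>Attempt to access invalid directory</description>
  </rule>

  <!-- Correlates repeated 11302 events within one hour.
    -  There is no same_source_ip condition here, so failures from any mix
    -  of sources count toward the threshold.
    -  NOTE(review): add <same_source_ip /> if per-source correlation is
    -  intended, as rule 11307 does. -->
  <rule id="11306" level="10" frequency="6" timeframe="3600">
    <if_matched_sid>11302</if_matched_sid>
    <description>FTP brute force (multiple failed logins).</description>
    <group>authentication_failures,</group>
  </rule>

  <!-- Correlates repeated 11301 events from one source within 60 seconds. -->
  <rule id="11307" level="10" frequency="6" timeframe="60">
    <if_matched_sid>11301</if_matched_sid>
    <same_source_ip />
    <description>Multiple connection attempts from same source.</description>
    <group>recon,</group>
  </rule>

  <!-- Successful login.
    -  Uses regex because \S+ is an os_regex token; match treats its text
    -  as a plain string in which only ^, $ and | are special, so the
    -  pattern would never fire there.
    -  if_sid 11300 limits the rule to events decoded as pure-ftpd, like
    -  every other rule in this group. -->
  <rule id="11309" level="3">
    <if_sid>11300</if_sid>
    <regex>[INFO] \S+ har loggat in</regex>
    <description>FTP Authentication success.</description>
    <group>authentication_success,</group>
  </rule>

</group> <!-- SYSLOG,PURE-FTPD -->


<!-- EOF -->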