
[ossec-cvs] ossec-hids: pix_rules.xml (HEAD) syslog_rules.xml (HEAD) [dcid]



Module name:	ossec-hids
Changes by:	dcid	07/08/12 23:11:48

Modified files:
	pix_rules.xml syslog_rules.xml

Log message:
Description: A few new pix/sshd rules. Adding some additional libraries too (organizing mem_op).
Reviewed by: dcid
Bug:

Index: pix_rules.xml
===================================================================
RCS file: /usr/cvsroot/ossec-hids/etc/rules/pix_rules.xml,v
diff -u -r1.17 -r1.18
--- pix_rules.xml	19 Jul 2007 23:49:56 -0000	1.17
+++ pix_rules.xml	13 Aug 2007 02:11:48 -0000	1.18
@@ -168,6 +168,34 @@
     <id>^1-105005|^1-105009|^1-105043</id>
     <match>Failed|Lost Failover</match>
     <description>Firewall failover pair communication problem.</description>
+    <group>service_availability,</group>
+  </rule>
+
+  <rule id="4339" level="8">
+    <if_sid>4314</if_sid>
+    <id>^5-111003</id>
+    <description>Firewall configuration deleted.</description>
+    <group>config_changed,</group>
+  </rule>
+  
+  <rule id="4340" level="8">
+    <if_sid>4314</if_sid>
+    <id>^5-111005|^5-111004|^5-111002|^5-111007</id>
+    <description>Firewall configuration changed.</description>
+    <group>config_changed,</group>
+  </rule>
+
+  <rule id="4341" level="3">
+    <if_sid>4314</if_sid>
+    <id>^5-111008|^7-111009</id>
+    <description>Firewall command executed (for accouting only).</description>
+  </rule>
+  
+  <rule id="4342" level="8">
+    <if_sid>4314</if_sid>
+    <id>^5-502101|^5-502102|^5-502103</id>
+    <description>User created or modified on the Firewall.</description>
+    <group>adduser,account_changed,</group>
   </rule>
   
   <rule id="4380" level="10" frequency="6" timeframe="360">
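
Review bot: The description of new rule 4341 misspells "accounting" as "accouting"; the string is user-facing, so it should read `Firewall command executed (for accounting only).` Rule 4341 is also the only rule added here without a `<group>`, while 4339, 4340 and 4342 each get one; if that is deliberate for a level 3 accounting rule, a short XML comment would make it clear, otherwise add a group so these events can be selected the same way as the other new rules. Minor style points: the blank lines after rules 4339 and 4341 are added with trailing whitespace, and the message IDs in rule 4340 (`^5-111005|^5-111004|^5-111002|^5-111007`) would be easier to audit in numeric order.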

Index: syslog_rules.xml
===================================================================
RCS file: /usr/cvsroot/ossec-hids/etc/rules/syslog_rules.xml,v
diff -u -r1.70 -r1.71
--- syslog_rules.xml	27 Jul 2007 22:26:14 -0000	1.70
+++ syslog_rules.xml	13 Aug 2007 02:11:48 -0000	1.71
@@ -28,8 +28,9 @@
     <description>File missing. Root access unrestricted.</description>
   </rule>
 
-  <rule id="1002" level="7">
+  <rule id="1002" level="2">
     <match>$BAD_WORDS</match>
+    <options>alert_by_email</options>
     <description>Unknown problem somewhere in the system.</description>
   </rule>
 
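Review bot: Rule 1002 drops from level 7 to level 2 and gains `<options>alert_by_email</options>` in the same hunk, but the log message only mentions new pix/sshd rules and additional libraries. The two edits pull in opposite directions (lower severity, yet e-mail explicitly requested), so the intent should be recorded in the log message or in an XML comment above the rule. Anything that selects on rule level 7 or higher will no longer see `$BAD_WORDS` matches after this change, which deserves an explicit note for people upgrading.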




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.