[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-cvs] ossec-hids: ossec_rules.xml (HEAD) [dcid]

To: ossec-cvs@xxxxxxxxx
Subject: [ossec-cvs] ossec-hids: ossec_rules.xml (HEAD) [dcid]
From: OSSEC CVS <cvs-commit@xxxxxxxxx>
Date: Fri, 20 Jul 2007 23:53:49 -0300 (ADT)
Content-transfer-encoding: 8bit

Module name:	ossec-hids
Changes by:	dcid	07/07/20 23:53:46

Modified files:
	ossec_rules.xml

Log message:
Description: A few more rules for rootcheck.
Reviewed by: dcid
Bug:

Index: ossec_rules.xml
===================================================================
RCS file: /usr/cvsroot/ossec-hids/etc/rules/ossec_rules.xml,v
diff -u -r1.9 -r1.10
--- ossec_rules.xml	19 Jul 2007 23:49:56 -0000	1.9
+++ ossec_rules.xml	21 Jul 2007 02:53:46 -0000	1.10
@@ -85,6 +85,13 @@
     <description>Windows application monitor event.</description>
     <group>rootcheck,</group>
   </rule>
+
+  <rule id="515" level="0">
+    <if_sid>510</if_sid>
+    <match>^Starting rootcheck scan</match>
+    <description>Ignoring rootcheck scan messages.</description>
+    <group>rootcheck,</group>
+  </rule>
   
   <rule id="518" level="9">
     <if_sid>514</if_sid>

Follow-Ups:
- [ossec-cvs] ossec-hids: ossec_rules.xml (HEAD) [dcid]
  - From: OSSEC CVS

Prev by Date: [ossec-cvs] ossec-hids: make.bat (HEAD) [dcid]
Next by Date: [ossec-cvs] ossec-hids: win_applications_rcl.txt (NEW) win_audit_rcl.txt (NEW) win_malware_rcl.txt (NEW) [dcid]
Previous by thread: [ossec-cvs] ossec-hids: make.bat (HEAD) [dcid]
Next by thread: [ossec-cvs] ossec-hids: ossec_rules.xml (HEAD) [dcid]
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.