[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ossec-dev] new rule ids
Hi list,
I didn't fully check the new rule ids Daniel has set on CVS,
However, I attach a small patch to correct to rule ids in syslog_rules.xml.
(I'll check all files this weekend).
Regards,
Ahmet Ozturk.
Index: ossec-hids/etc/rules/syslog_rules.xml
===================================================================
RCS file: /usr/cvsroot/ossec-hids/etc/rules/syslog_rules.xml,v
retrieving revision 1.51
diff -u -r1.51 syslog_rules.xml
---
ossec-hids/etc/rules/syslog_rules.xml
9 Aug 2006 02:49:53 -0000 1.51
+++ ossec-hids/etc/rules/syslog_rules.xml 10 Aug 2006 19:23:39 -0000
@@ -274,12 +274,12 @@
<rule id="5302" level="9">
<user>root</user>
- <if_sid>1101</if_sid>
+ <if_sid>5301</if_sid>
<description>User missed the password to change UID to root</description>
</rule>
<rule id="5303" level="3">
- <if_sid>1100</if_sid>
+ <if_sid>5300</if_sid>
<regex>session opened for user root|</regex>
<regex>^su[\d+]: + \S+ \S+-root$</regex>
<description>User sucessfully changed UID to root</description>
OSSEC home |
Main Index |
Thread Index
OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.