[ossec-dev] ossec-hids: named_rules.xml (HEAD) vsftpd_rules.xml (HEAD) [dcid]

[OSSEC CVS <cvs-commit@xxxxxxxxx>]

Module name:	ossec-hids
Changes by:	dcid	06/08/29 16:35:41

Modified files:
	named_rules.xml vsftpd_rules.xml

Log message:
Description: More fixes for the client/server control. Added global ossec lock and some new rules..
Reviewed by: dcid
Bug:

Index: named_rules.xml
===================================================================
RCS file: /usr/cvsroot/ossec-hids/etc/rules/named_rules.xml,v
diff -u -r1.11 -r1.12
--- named_rules.xml	11 Aug 2006 18:59:48 -0000	1.11
+++ named_rules.xml	29 Aug 2006 19:35:41 -0000	1.12
@@ -51,7 +51,7 @@
 
   <rule id="12107" level="0">
     <if_sid>12100</if_sid>
-    <regex>client \S+ update \S+ denied</regex>
+    <regex>update \S+ denied</regex>
     <description>DNS update using RFC2136 Dynamic protocol.</description>
     <info>http://www.isc.org/index.pl?/sw/bind/FAQ.php</info>
   </rule>

Index: vsftpd_rules.xml
===================================================================
RCS file: /usr/cvsroot/ossec-hids/etc/rules/vsftpd_rules.xml,v
diff -u -r1.2 -r1.3
--- vsftpd_rules.xml	9 Aug 2006 02:49:53 -0000	1.2
+++ vsftpd_rules.xml	29 Aug 2006 19:35:41 -0000	1.3
@@ -30,9 +30,15 @@
     <if_sid>11400</if_sid>
     <match>FAIL LOGIN: </match>
     <group>authentication_failed</group>
-    <description>Login failed accessing the FTP server</description>
+    <description>Login failed accessing the FTP server.</description>
   </rule>
-
+  
+  <rule id="11404" level="0">
+    <if_sid>11400</if_sid>
+    <match>OK UPLOAD: </match>
+    <description>FTP server file upload.</description>
+  </rule>
+  
   <rule id="11451" level="10" frequency="6" timeframe="120">
     <if_matched_sid>11403</if_matched_sid>
     <same_source_ip />