[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: vsftpd rule

To: "Jorge Augusto Senger" <jorge@xxxxxxxxxxx>, "Joachim Vorrath" <joachim.vorrath@xxxxxxxxxxxxxx>
Subject: [ossec-list] Re: vsftpd rule
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Tue, 6 Jun 2006 17:07:54 -0300
Cc: ossec-list@xxxxxxxxx

Hi Jorge and Joachim,

Based on the logs you provided, I created some rules for vsftpd.
They were working correctly on my testing environment...

They are on the following package:
http://www.ossec.net/files/ossec-hids-0.8-2.tar.gz

Basically, the vsftpd rules will be handled by the vsftpd_rules.xml and
the ones from pam_unix, by the file pam_rules_xml... Can you let
me know if it is working or not? Also, make sure to add
"<include>vsftpd_rules.xml</include>" to your ossec.conf
(and also to configure ossec to read /var/logs/vsftpd.log).

Thanks,

--
Daniel B. Cid
dcid @ ( at ) ossec.net

On 6/3/06, Jorge Augusto Senger <jorge@xxxxxxxxxxx> wrote:
> Daniel,
>
> I need also a vsftpd rule. I've try to do it by myself, but the rules
> doesn't work.
> Here follows my part of my conf files. Can you tell, please, what did I
> miss?
>
> Thanks,
> Jorge

--~--~---------~--~----~------------~-------~--~----~
-~----------~----~----~----~------~----~------~--~---

Follow-Ups:
- [ossec-list] Re: vsftpd rule
  - From: Kayvan A. Sylvan
- [ossec-list] Re: vsftpd rule
  - From: Joachim Vorrath
- [ossec-list] Re: vsftpd rule
  - From: Joachim Vorrath
- [ossec-list] Re: vsftpd rule
  - From: Seth Art

Prev by Date: [ossec-list] Re: The part of ossec were aborted
Next by Date: [ossec-list] Re: vsftpd rule
Previous by thread: [ossec-list] Re: White-list for a network
Next by thread: [ossec-list] Re: vsftpd rule
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.