[ossec-list] Re: vsftpd rule
Hi Daniel,
thx for the quick help!
I added the vsftpd_rules, added vsftpd.log and added the changes to
the ossec.conf
# --- snipp ---
> 2006/06/06 23:48:51 ossec-analysisd: Reading rules file: 'attack_rules.xml'
> 2006/06/06 23:48:51 ossec-analysisd: Reading rules file: 'vsftpd_rules.xml'
> 2006/06/06 23:48:51 ossec-analysisd: Total rules enabled: '305'
> .....
> 2006/06/06 23:48:57 ossec-logcollector(1950): Analyzing file: '/var/log/messages'.
> 2006/06/06 23:48:57 ossec-logcollector(1950): Analyzing file: '/var/log/secure'.
> 2006/06/06 23:48:57 ossec-logcollector(1950): Analyzing file: '/var/log/maillog'.
> 2006/06/06 23:48:57 ossec-logcollector(1950): Analyzing file: '/var/log/vsftpd.log'.
# --------
ossec is running, so we will see
regards
Jochen
On 06.06.2006 at 22:07, Daniel Cid wrote:
> Hi Jorge and Joachim,
>
> Based on the logs you provided, I created some rules for vsftpd.
> They were working correctly on my testing environment...
>
> They are on the following package:
> http://www.ossec.net/files/ossec-hids-0.8-2.tar.gz
>
> Basically, the vsftpd rules will be handled by the vsftpd_rules.xml and
> the ones from pam_unix, by the file pam_rules_xml... Can you let
> me know if it is working or not? Also, make sure to add
> "<include>vsftpd_rules.xml</include>" to your ossec.conf
> (and also to configure ossec to read /var/logs/vsftpd.log).
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid @ ( at ) ossec.net
>
> On 6/3/06, Jorge Augusto Senger <jorge@xxxxxxxxxxx> wrote:
>> Daniel,
>>
>> I also need a vsftpd rule. I've tried to do it by myself, but the rules
>> don't work.
>> Here follows part of my conf files. Can you tell me, please, what I
>> missed?
>>
>> Thanks,
>> Jorge
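
A check for the step discussed in this thread, added here as an example and not part of the original messages: it compares the rule files and log files named in ossec.conf with what ossec-analysisd and ossec-logcollector report at startup. The sample configuration and the shortened log are constructed, and a single `<ossec_config>` root element is assumed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample ossec.conf (assumption: one <ossec_config> root element).
SAMPLE_CONF = """<ossec_config>
  <rules>
    <include>attack_rules.xml</include>
    <include>vsftpd_rules.xml</include>
  </rules>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/vsftpd.log</location>
  </localfile>
</ossec_config>"""

# Constructed startup log in the format quoted in the message above;
# the vsftpd.log line is left out on purpose so the check has something to report.
SAMPLE_LOG = """\
2006/06/06 23:48:51 ossec-analysisd: Reading rules file: 'attack_rules.xml'
2006/06/06 23:48:51 ossec-analysisd: Reading rules file: 'vsftpd_rules.xml'
2006/06/06 23:48:57 ossec-logcollector(1950): Analyzing file: '/var/log/messages'.
"""

RULES_RE = re.compile(r"ossec-analysisd: Reading rules file: '([^']+)'")
FILE_RE = re.compile(r"ossec-logcollector\(\d+\): Analyzing file: '([^']+)'")

def configured(conf_text):
    """Rule includes and monitored file locations named in ossec.conf."""
    root = ET.fromstring(conf_text)
    rules = {e.text.strip() for e in root.findall("./rules/include") if e.text}
    files = {e.text.strip() for e in root.findall("./localfile/location") if e.text}
    return rules, files

def confirmed(log_text):
    """Rule files and log files the daemons reported at startup."""
    return set(RULES_RE.findall(log_text)), set(FILE_RE.findall(log_text))

def missing(conf_text, log_text):
    """Return (rule files, log files) that are configured but not confirmed."""
    want_rules, want_files = configured(conf_text)
    got_rules, got_files = confirmed(log_text)
    return sorted(want_rules - got_rules), sorted(want_files - got_files)

if __name__ == "__main__":
    print(missing(SAMPLE_CONF, SAMPLE_LOG))
```

An empty result for both lists means every include and every monitored file in the configuration was acknowledged at startup.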
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.