<!-- @(#) $Id: ./etc/rules/local_rules.xml, 2011/09/08 dcid Exp $

  -  Example of local rules for OSSEC.
  -
  -  Copyright (C) 2009 Trend Micro Inc.
  -  All rights reserved.
  -
  -  This program is a free software; you can redistribute it
  -  and/or modify it under the terms of the GNU General Public
  -  License (version 2) as published by the FSF - Free Software
  -  Foundation.
  -
  -  License details: http://www.ossec.net/en/licensing.html
  -->
<!-- Modify it at your will. -->
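<group name="local,syslog,">

  <!-- Rule id 5711 is defined in the ssh_rules file as an sshd failed
    -  login. Level 0 means ignore: a matching event raises no alert.
    -
    -  192.0.2.1 is a constructed sample value from the RFC 5737
    -  documentation range (TEST-NET-1), so this example cannot hide
    -  events from a real host. The address used in older copies of
    -  this example, 1.1.1.1, is a publicly routed address today and
    -  should not be left in an active suppression rule.
    -
    -  Every level 0 rule is a detection blind spot. Keep the match as
    -  narrow as possible and review these rules periodically.
    -->
  <rule id="100001" level="0">
    <if_sid>5711</if_sid>
    <srcip>192.0.2.1</srcip>
    <description>Example of rule that will ignore sshd </description>
    <description>failed logins from IP 192.0.2.1.</description>
  </rule>


  <!-- This example will ignore ssh failed logins for the user name XYZABC.
    -  Disabled by default. Once enabled, failed logins for that account
    -  no longer alert, so only use it for an account whose failures are
    -  expected and understood.
    -->
  <!--
  <rule id="100020" level="0">
    <if_sid>5711</if_sid>
    <user>XYZABC</user>
    <description>Example of rule that will ignore sshd </description>
    <description>failed logins for user XYZABC.</description>
  </rule>
  -->


  <!-- Specify here a list of rules to ignore.
    -  Disabled by default. The ids below (12345, 23456, xyz, abc) are
    -  placeholders: replace them with the ids of the rules to silence.
    -  Ignoring a whole rule id with no further condition suppresses it
    -  for every host and user, so prefer a scoped rule where possible.
    -->
  <!--
  <rule id="100030" level="0">
    <if_sid>12345, 23456, xyz, abc</if_sid>
    <description>List of rules to be ignored.</description>
  </rule>
  -->

</group> <!-- SYSLOG,LOCAL -->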
<!-- EOF -->