Feature #340
New ruleset for PPP/PPTPD/L2TP
Start date:
Due date:
% Done: 0%
Resolution: fixed
Description
New ruleset for PPP/PPTPD/L2TP
History
#1 Updated by Pierre Chifflier over 15 years ago
- Status changed from New to Assigned
Overall looks good, just a few comments:
- The line preceding the rule should use the following format:
#LOG: Dec 4 23:01:36 beorc pppr24796: tun2: Phase: Chap Input: RESPONSE (49 bytes from afonyashin)
instead of
#Dec 4 23:01:36 beorc pppr24796: tun2: Phase: Chap Input: RESPONSE (49 bytes from afonyashin)
This allows automated tools to run tests (and check that the signature really matches the line).
- in rule 2, you have the following:
assessment.impact.completion=succeeded; \
assessment.impact.description=Authenticated successfully; \
This is redundant. You should use something like 'Authentication attempt' in the description; the completion will tell the result by itself.
- not all your rules have an 'id' field
#2 Updated by Pierre Chifflier over 15 years ago
One more point:
- impact.description can be set in the first rule, since it is generic, so you assign the description when creating the context, and the status (success/failed) when you get the result.
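The checks requested in the review above (a `#LOG:` sample before each rule, a regex that really matches it, an `id` on every rule) can be automated. The following is an added example, not part of the ticket or of Prelude-LML: the sample ruleset, the ids 9001/9003 and the function name `lint_ruleset` are constructed, Python's `re` stands in for the PCRE engine, and rule regexes are assumed to contain no `;`.

```python
import re

# Constructed sample ruleset (not the one attached to this ticket).
# Only the first #LOG: line is taken from the ticket; the rest is made up.
SAMPLE_RULESET = r"""
#LOG: Dec 4 23:01:36 beorc pppr24796: tun2: Phase: Chap Input: RESPONSE (49 bytes from afonyashin)
regex=Phase: Chap Input: RESPONSE \((\d+) bytes from (\S+)\); \
 classification.text=PPP CHAP response; \
 id=9001; revision=1; last

#Dec 4 23:01:40 beorc pppr24796: tun2: Phase: Chap Output: SUCCESS
regex=Phase: Chap Output: SUCCESS; \
 classification.text=PPP authentication; \
 assessment.impact.completion=succeeded; last

#LOG: Dec 4 23:01:41 beorc pppr24796: tun2: Phase: Chap Output: FAILURE
regex=Phase: CHAP Output: FAILURE; \
 classification.text=PPP authentication; \
 assessment.impact.completion=failed; id=9003; revision=1; last
"""

def lint_ruleset(text):
    """Return (rule_number, problem) tuples for the review points above."""
    text = re.sub(r"\\\n[ \t]*", "", text)  # join backslash-continued lines
    problems, sample, rule_no = [], None, 0
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#LOG:"):
            sample = line[len("#LOG:"):].strip()
        elif line.startswith("regex="):
            rule_no += 1
            fields = [f.strip() for f in line.split(";") if f.strip()]
            pattern = fields[0][len("regex="):]
            keys = {f.split("=", 1)[0] for f in fields[1:]}
            if sample is None:  # a bare "#..." comment does not count
                problems.append((rule_no, "no #LOG: sample line"))
            elif not re.search(pattern, sample):
                problems.append((rule_no, "regex does not match #LOG: sample"))
            if "id" not in keys:
                problems.append((rule_no, "missing id field"))
            sample = None  # a sample only applies to the rule right after it
    return problems

if __name__ == "__main__":
    for rule_no, problem in lint_ruleset(SAMPLE_RULESET):
        print(f"rule {rule_no}: {problem}")
```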
#3 Updated by Yoann VANDOORSELAERE about 15 years ago
- Status changed from Assigned to Closed
- Resolution set to fixed
(In r11135) New PPP/PPTPD/L2TP ruleset, by Alexander Afonyashin <firm@iname.com>,
with slight modification from Pierre Chifflier <p.chifflier@inl.fr>.
Close #340.
#4 Updated by Yoann VANDOORSELAERE about 15 years ago
- Project changed from PRELUDE SIEM to Prelude-LML
- Category deleted (4)
- Target version deleted (93)