Bug #243

user_id.name in ssh.rules - id 1913 exposing name as "invalid"

Added by skippylou-gmail-com - almost 12 years ago. Updated about 10 years ago.

Status: Closed
Priority: Normal
Target version:
Start date:
Due date:
% Done: 0%
Resolution: fixed

Description

prelude-lml-0.9.8.1

Unsure if this is intended or not, but in rule id 1913 in ssh.rules, this IDMEF field is currently set to:

target(0).user.user_id(0).name=$2;

which prints either illegal or invalid as opposed to the username actually in the syslog message, which would be exposed as:

target(0).user.user_id(0).name=$3;

At any rate, figured I would mention it here.

Thanks,

scotto
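
The capture-group mismatch described in this report, shown as an added example (not part of the original ticket or of Prelude-LML's code): a small regression check that resolves the $N reference for the user name field against sample log lines. The pattern RULE_REGEX, the sample syslog lines and the helper names are hypothetical; the actual regex of rule 1913 is not quoted in the report.

```python
import re

# Hypothetical stand-in for the rule's pattern (the real regex of rule 1913 is
# not shown in this report): group 2 is the keyword, group 3 the login name.
RULE_REGEX = re.compile(
    r"sshd\[(\d+)\]: (Illegal|Invalid) user (\S+) from (\S+)", re.IGNORECASE)

# Field mappings as quoted in the report: before ($2) and after ($3) the fix.
BEFORE = {"target(0).user.user_id(0).name": "$2"}
AFTER = {"target(0).user.user_id(0).name": "$3"}

# Constructed syslog lines, each paired with the user name the alert should carry.
SAMPLES = [
    ("Jun  1 10:00:01 host sshd[4242]: Invalid user oracle from 192.0.2.10", "oracle"),
    ("Jun  1 10:00:05 host sshd[4243]: Illegal user test from 198.51.100.7", "test"),
]


def apply_mapping(line, mapping):
    """Resolve $N references against the regex match, as a rule engine would."""
    m = RULE_REGEX.search(line)
    if m is None:
        return None
    return {field: m.group(int(ref[1:])) for field, ref in mapping.items()}


def check_mapping(mapping, field="target(0).user.user_id(0).name"):
    """Return (line, got, expected) for every sample whose field value is wrong."""
    failures = []
    for line, expected in SAMPLES:
        alert = apply_mapping(line, mapping)
        got = alert[field] if alert else None
        if got != expected:
            failures.append((line, got, expected))
    return failures


if __name__ == "__main__":
    for name, mapping in (("before", BEFORE), ("after", AFTER)):
        for line, got, expected in check_mapping(mapping):
            print(f"{name}: name={got!r}, expected {expected!r}")
```

Running the same kind of check against the real rule file whenever a regex gains or loses a group catches shifted $N references before alerts reach the manager with a keyword in the user name field.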

History

#1 Updated by Yoann VANDOORSELAERE almost 12 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

(In r9670) Fix by Scott Olihovik: invalid user.user_id(0).name assignment in SSH rule 1913 (fix #243).

#2 Updated by Yoann VANDOORSELAERE about 10 years ago

  • Project changed from PRELUDE SIEM to Prelude-LML
  • Category deleted (generic)
  • Target version deleted (0.9.10.1)
