Project

General

Profile

Feature #304

New rules for su attempts on FreeBSD systems

Added by almost 14 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
Normal
Target version:
Start date:
Due date:
% Done:

0%

Resolution:
fixed

Description

Hi all.

I'm still not sure do we need separate su.rules file for them or we may put them to pam.rules file and update pcre.rules to:

regex=([Pp][Aa][Mm]_|[Ss][Uu]);     include = pam.rules;

Attached file has the updated rules for [[FreeBSD]]-style su attempts (check if analyzer.name should be "PAM" instead of used "su"):

Best regards,
Alexander Afonyashin

su.rules - new prelude-lml rules (3.08 KB) , 08/12/2008 04:02 PM

History

#1 Updated by almost 14 years ago

Oops, small correction to regex rule:

regex=([Pp][Aa][Mm]_|[Ss][Uu]:); include = pam.rules;

#2 Updated by Yoann VANDOORSELAERE almost 14 years ago

  • Status changed from New to Assigned

#3 Updated by Yoann VANDOORSELAERE almost 14 years ago

  • Status changed from Assigned to Closed
  • Resolution set to fixed

(In r10886) New rulesets for [[FreeBSD]] su attempts, thanks Alexander Afonyashin <>
for contributing this! Fix #304.

#4 Updated by Yoann VANDOORSELAERE over 13 years ago

  • Project changed from PRELUDE SIEM to Prelude-LML
  • Category deleted (4)
  • Target version deleted (0.9.13)

Also available in: Atom PDF