Feature #304
New rules for su attempts on FreeBSD systems
Start date:
Due date:
% Done:
0%
Resolution:
fixed
Description
Hi all.
I'm still not sure whether we need a separate su.rules file for them, or whether we may put them in the pam.rules file and update pcre.rules to:
regex=([Pp][Aa][Mm]_|[Ss][Uu]); include = pam.rules;
The attached file has the updated rules for FreeBSD-style su attempts (check whether analyzer.name should be "PAM" instead of the "su" used):
Best regards,
Alexander Afonyashin
History
#1 Updated by about 15 years ago
Oops, small correction to regex rule:
regex=([Pp][Aa][Mm]_|[Ss][Uu]:); include = pam.rules;
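Added example (not part of the ticket or of Prelude-LML's code): the two dispatch lines quoted above, run against constructed log messages to show which ones each would hand to pam.rules. It assumes the dispatcher matches the regex anywhere in the message; the sample messages and helper names are hypothetical.

```python
import re

# The two dispatch lines quoted in the ticket, in the syntax shown there.
ORIGINAL = "regex=([Pp][Aa][Mm]_|[Ss][Uu]); include = pam.rules;"
CORRECTED = "regex=([Pp][Aa][Mm]_|[Ss][Uu]:); include = pam.rules;"

# Constructed sample messages (not taken from the ticket or its attachment).
SAMPLES = [
    "su: BAD SU alex to root on /dev/ttyp1",
    "pam_unix(sshd:auth): authentication failure; user=alex",
    "sudo: alex : command not allowed",
    "kernel: resuming from suspend",
    "sshd: Accepted publickey for alex",
]


def parse_dispatch(line):
    """Split 'regex=<pattern>; include = <file>;' into (compiled pattern, file)."""
    m = re.fullmatch(r"\s*regex=(.+?);\s*include\s*=\s*(\S+?);\s*", line)
    if m is None:
        raise ValueError("not a dispatch line: %r" % line)
    return re.compile(m.group(1)), m.group(2)


def routed(dispatch_line, messages):
    """Messages the dispatch line would pass on to its included ruleset.

    Assumption: the pattern is unanchored, so it may match anywhere in a message.
    """
    pattern, _ruleset = parse_dispatch(dispatch_line)
    return [msg for msg in messages if pattern.search(msg)]


def routed_only_by_original(messages):
    """Messages the first regex routes to pam.rules but the corrected one does not."""
    narrow = set(routed(CORRECTED, messages))
    return [msg for msg in routed(ORIGINAL, messages) if msg not in narrow]


if __name__ == "__main__":
    for label, line in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(label, "->", parse_dispatch(line)[1])
        for msg in routed(line, SAMPLES):
            print("   ", msg)
    print("routed only by the original:", routed_only_by_original(SAMPLES))
```

Without the trailing colon, any message containing the letters "su" (here the sudo and kernel lines) is evaluated against every rule in pam.rules, which costs matching time and widens the room for false matches.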
#2 Updated by Yoann VANDOORSELAERE about 15 years ago
- Status changed from New to Assigned
#3 Updated by Yoann VANDOORSELAERE about 15 years ago
- Status changed from Assigned to Closed
- Resolution set to fixed
(In r10886) New rulesets for FreeBSD su attempts, thanks Alexander Afonyashin <firm@iname.com>
for contributing this! Fix #304.
#4 Updated by Yoann VANDOORSELAERE over 14 years ago
- Project changed from PRELUDE SIEM to Prelude-LML
- Category deleted (4)
- Target version deleted (0.9.13)