
ossec-hids-1.4-4mdv2010.0.src.rpm

<!-- 
  -  Official rules for ASL
  -  Author: Scott R. Shinn
  -  License: http://www.ossec.net/en/licensing.html
  -->

  
<group name="modsecurity,">
  <!-- Parent rule: selects every event whose decoder is
       "modsecurity-errorlog". Level 0 means it raises no alert on its own;
       it only anchors the rules that follow. The decoder itself is not part
       of this file. -->
  <rule id="50100" level="0">
    <decoded_as>modsecurity-errorlog</decoded_as>
    <description>Apache messages grouped.</description>
  </rule>    

  <!-- Narrows 50100 to lines that start with the "[modsecurity] " tag
       (the pattern is anchored with ^). Also level 0. Every alerting rule
       in this group chains from this id through if_sid. -->
  <rule id="50101" level="0">
    <if_sid>50100</if_sid>
    <match>^[modsecurity] </match>
    <description>Apache error messages grouped.</description>
  </rule>

  <!-- Mod security rules by <ossec ( at ) sioban.net -->
  <!-- Level 7 alert for any ModSecurity line containing "Access denied".
       The pattern is unanchored, so the phrase matches wherever it appears
       in the line, including inside logged request data. -->
  <rule id="50118" level="7">
    <if_sid>50101</if_sid>
    <match>Access denied</match>
    <description>Access attempt blocked by Mod Security.</description>
    <group>access_denied,</group>
  </rule>

  <!-- Correlation rule: escalates to level 12 when rule 50118 repeats from
       one source IP (frequency 6, timeframe 120 seconds).
       NOTE(review): same_source_ip only works if the decoder extracts a
       source address from the ModSecurity line; the decoder is not shown
       here, so confirm with ossec-logtest. Behind a reverse proxy or load
       balancer the extracted address may be the proxy, which would merge
       unrelated clients into one counter. -->
  <rule id="50119" level="12" frequency="6" timeframe="120">
    <if_matched_sid>50118</if_matched_sid>
    <same_source_ip />
    <description>Multiple attempts blocked by Mod Security.</description>
    <group>access_denied,</group>
  </rule>

  <!-- Severity keyword rules: each one fires on a child of 50101 whose text
       contains the given keyword and maps it to an OSSEC level
       (CRITICAL and ALERT to 7, WARNING to 5, NOTICE to 3).
       NOTE(review): the keywords are unanchored substrings, so the same
       word inside a logged URI or message body would also match. All four
       rules carry the access_denied group even though a severity keyword
       alone does not show that a request was denied; anything keyed on that
       group (reports, composite rules, active response) will count these
       events too. Confirm that this is intended. -->
  <rule id="50121" level="7">
    <if_sid>50101</if_sid>
    <match>CRITICAL</match>
    <description>Critical alert by Mod Security.</description>
    <group>access_denied,</group>
  </rule>

  <rule id="50122" level="7">
    <if_sid>50101</if_sid>
    <match>ALERT</match>
    <description>ALERT by Mod Security.</description>
    <group>access_denied,</group>
  </rule>

  <rule id="50123" level="5">
    <if_sid>50101</if_sid>
    <match>WARNING</match>
    <description>WARNING by Mod Security.</description>
    <group>access_denied,</group>
  </rule>

  <rule id="50124" level="3">
    <if_sid>50101</if_sid>
    <match>NOTICE</match>
    <description>NOTICE by Mod Security.</description>
    <group>access_denied,</group>
  </rule>

<!-- http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html -->
  <!-- HTTP 4xx status rules, one per code (400 to 405 in this run). Each is
       a child of 50101 and matches the bare three digit string.
       NOTE(review): the match is not tied to a status field. Any occurrence
       of the digits in the line (for example inside a timestamp, port,
       byte count or request identifier) satisfies it, so expect false
       positives; anchoring the pattern to the surrounding status text would
       need the exact log format, which this file does not show.
       NOTE(review): a single line can satisfy several children of 50101
       (a denial line that also carries a status code); which rule fires
       depends on the engine's sibling ordering, so verify with
       ossec-logtest. -->
  <!-- 400: the only status rule here without the access_denied group. -->
  <rule id="50125" level="4">
    <if_sid>50101</if_sid>
    <match>400</match>
    <description>Bad Request</description>
  </rule>

  <rule id="50126" level="5">
    <if_sid>50101</if_sid>
    <match>401</match>
    <description>HTTP Authorization failed</description>
    <group>access_denied,</group>
  </rule>

  <rule id="50127" level="5">
    <if_sid>50101</if_sid>
    <match>402</match>
    <description>Payment Required </description>
    <group>access_denied,</group>
  </rule>

  <rule id="50128" level="5">
    <if_sid>50101</if_sid>
    <match>403</match>
    <description>Forbidden</description>
    <group>access_denied,</group>
  </rule>

  <!-- 404 is tagged access_denied like the others, although a missing
       resource is not a denial; presumably kept so scanning noise is
       counted with blocked requests. Confirm before keying responses on
       the group. -->
  <rule id="50129" level="5">
    <if_sid>50101</if_sid>
    <match>404</match>
    <description>File Not Found</description>
    <group>access_denied,</group>
  </rule>

  <rule id="50130" level="5">
    <if_sid>50101</if_sid>
    <match>405</match>
    <description>Method Not Allowed</description>
    <group>access_denied,</group>
  </rule>

<!-- 406
 The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request.

Unless it was a HEAD request, the response SHOULD include an entity containing a list of available entity characteristics and location(s) from which the user or user agent can choose the one most appropriate. The entity format is specified by the media type given in the Content-Type header field. Depending upon the format and the capabilities of the user agent, selection of the most appropriate choice MAY be performed automatically. However, this specification does not define any standard for such automatic selection.

      Note: HTTP/1.1 servers are allowed to return responses which are
      not acceptable according to the accept headers sent in the
      request. In some cases, this may even be preferable to sending a
      406 response. User agents are encouraged to inspect the headers of
      an incoming response to determine if it is acceptable.

If the response could be unacceptable, a user agent SHOULD temporarily stop receipt of more data and query the user for a decision on further actions. 
-->
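  <!-- HTTP 406 (Not Acceptable). Child of 50101; level 5, access_denied.
       The pattern is the bare string "406", so it matches those digits
       anywhere in the line, not only in a status field. -->
  <rule id="50131" level="5">
    <if_sid>50101</if_sid>
    <match>406</match>
    <description>Not Acceptable</description>
    <group>access_denied,</group>
  </rule>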

  <!-- HTTP 407 and 408. Children of 50101; level 5, access_denied.
       NOTE(review): both patterns are bare digit strings and match anywhere
       in the line. A 408 timeout is a transport condition rather than a
       denial, so check whether access_denied is the right group for it. -->
  <rule id="50132" level="5">
    <if_sid>50101</if_sid>
    <match>407</match>
    <description>Proxy Authentication Required</description>
    <group>access_denied,</group>
  </rule>

  <rule id="50133" level="5">
    <if_sid>50101</if_sid>
    <match>408</match>
    <description>Request Timeout</description>
    <group>access_denied,</group>
  </rule>

<!--
 The request could not be completed due to a conflict with the current state of the resource. This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request. The response body SHOULD include enough information for the user to recognize the source of the conflict. Ideally, the response entity would include enough information for the user or user agent to fix the problem; however, that might not be possible and is not required.

Conflicts are most likely to occur in response to a PUT request. For example, if versioning were being used and the entity being PUT included changes to a resource which conflict with those made by an earlier (third-party) request, the server might use the 409 response to indicate that it can't complete the request. In this case, the response entity would likely contain a list of the differences between the two versions in a format defined by the response Content-Type.
10.4.11
-->
  <!-- HTTP 409 to 412. Children of 50101; level 5, access_denied.
       NOTE(review): each pattern is a bare three digit string matched
       anywhere in the line, so digits in unrelated fields can trigger these
       rules. Verify against real ModSecurity lines with ossec-logtest. -->
  <rule id="50134" level="5">
    <if_sid>50101</if_sid>
    <match>409</match>
    <description>Conflict</description>
    <group>access_denied,</group>
  </rule>

  <rule id="50135" level="5">
    <if_sid>50101</if_sid>
    <match>410</match>
    <description>Gone</description>
    <group>access_denied,</group>
  </rule>

  <rule id="50136" level="5">
    <if_sid>50101</if_sid>
    <match>411</match>
    <description>Length Required</description>
    <group>access_denied,</group>
  </rule>

  <rule id="50137" level="5">
    <if_sid>50101</if_sid>
    <match>412</match>
    <description>Precondition Failed</description>
    <group>access_denied,</group>
  </rule>


  <!-- HTTP 413 and 414 (oversized body, oversized URI). Children of 50101;
       level 5, access_denied. Oversized requests can accompany probing for
       parser or buffer handling flaws, so these are worth correlating per
       source rather than reading one by one.
       NOTE(review): the bare digit patterns match anywhere in the line. -->
  <rule id="50138" level="5">
    <if_sid>50101</if_sid>
    <match>413</match>
    <description>Request Entity Too Large</description>
    <group>access_denied,</group>
  </rule>

  <rule id="50139" level="5">
    <if_sid>50101</if_sid>
    <match>414</match>
    <description>Request URI Too long</description>
    <group>access_denied,</group>
  </rule>


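  <!-- HTTP 415 (Unsupported Media Type). Child of 50101; level 5,
       access_denied. The pattern is the bare string "415", so it matches
       those digits anywhere in the line, not only in a status field. -->
  <rule id="50140" level="5">
    <if_sid>50101</if_sid>
    <match>415</match>
    <description>Unsupported Media Type</description>
    <group>access_denied,</group>
  </rule>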

  <!-- HTTP 416 and 417. Children of 50101; level 5, access_denied.
       NOTE(review): bare digit patterns, matched anywhere in the line;
       confirm with ossec-logtest that only status codes trigger them. -->
  <rule id="50141" level="5">
    <if_sid>50101</if_sid>
    <match>416</match>
    <description>Requested range not satisfied</description>
    <group>access_denied,</group>
  </rule>


  <rule id="50142" level="5">
    <if_sid>50101</if_sid>
    <match>417</match>
    <description>Expectation Failed</description>
    <group>access_denied,</group>
  </rule>



</group> <!-- modsecurity -->


<!-- EOF -->