<!-- @(#) $Id: authpsa_rules.xml,v 0.1 $
- Author: Brent Meshier - brent@meshier.com
-->
<var name="AUTHPSA_FREQ">6</var>
<group name="syslog,authpsa,">
<rule id="4600" level="0" noalert="1">
<decoded_as>authpsa</decoded_as>
<description>Grouping of the authpsa rules.</description>
</rule>
<rule id="4601" level="5">
<if_sid>4600</if_sid>
<match>authpsa: checkmailpasswd: FAILED</match>
<description>authpsa user login failed.</description>
<group>authentication_failed,</group>
</rule>
<rule id="4651" level="10" frequency="$AUTHPSA_FREQ" timeframe="900">
<if_matched_sid>4601</if_matched_sid>
<same_source_ip />
<description>Multiple failed logins from same source ip.</description>
<group>authentication_failures,</group>
</rule>
</group>
distrib
>
Mandriva
>
current
>
i586
>
media
>
contrib-release-src
>
by-pkgid
>
9758220406ce8a820904a50857f4f85b
>
files
>
2
