Created
November 5, 2013 18:23
Nov 5 13:01:24 2013 EST f_ssh_server a_general_area t_attack p_major
pid: 45848 ruid: 0 euid: 0 pgid: 45848 logid: 0 cmd: 'sshd'
domain: ssh2 edomain: ssh2
hostname: vm701-sa.support.securecomputing.com
category: policy_violation event: ACL deny attackip: 172.23.87.33
attackburb: internal srcip: 172.23.87.33 srcport: 23927
srcburb: internal dstip: 172.23.80.14 dstport: 22 dstburb: internal
protocol: 6 service_name: sshd user_name: swadmin
auth_method: failed-Password rule_name: Deny All cache_hit: 0
reason: Traffic denied by policy.

Nov 5 13:01:24 2013 EST f_ssh_server a_server t_attack p_major
pid: 45848 ruid: 0 euid: 0 pgid: 45848 logid: 0 cmd: 'sshd'
domain: ssh2 edomain: ssh2 hostname: vm701-sa.support.securecomputing.com
category: policy_violation event: auth deny user_name: swadmin
auth_method: Password reason: Authentication failed.

audit add filter name='Denied Authentication' \
comments='Detects when a user attempts to authenticate and enters invalid data. For example, if a user is required to enter a password and entered it incorrectly, the denied auth event would log the event.' \
filter_type=attack number=5 sacap_filter=AUDIT_X_AUTH_DENY