prelude-lml-rules 4.1.0-1 / etc / prelude-lml / ruleset / suhosin.rules

This file is indexed.

/etc/prelude-lml/ruleset/suhosin.rules is in prelude-lml-rules 4.1.0-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
#FULLNAME: Suhosin
#VERSION: 1.0
#DESCRIPTION: Suhosin is a safety net that protects servers from insecure PHP coding practices.

#####
#
# Copyright (C) 2007 Sebastien Tricaud <stricaud at inl dot fr>
# All Rights Reserved
#
# This file is part of the Prelude-LML program.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
#####

#DESCRIPTION:Configured request variable name length limit exceeded
#CATEGORY:Hardening Features
#LOG:Dec 30 05:18:11 zoubida suhosin[15086]: ALERT - configured request variable name length limit exceeded - dropped variable 'article2/include/engine/MakeXML4statusCounter_php?fileOreonConf' (attacker '192.168.3.4', file '/var/www/zorglub/www/htdocs/spip.php')
regex=ALERT - configured request variable name length limit exceeded - dropped variable '(\S+)' \(attacker '(\S+)', file '(\S+)'\); \
 classification.text=Variable length too long; \
 id=8001; \
 revision=1; \
 analyzer(0).name=Suhosin; \
 analyzer(0).manufacturer=http://www.hardened-php.net/suhosin/; \
 analyzer(0).class=HIDS; \
 source(0).node.address(0).address=$2; \
 target(0).file(0).path=$3; \
 assessment.impact.completion=failed; \
 assessment.impact.type=dos; \
 assessment.impact.severity=low; \
 assessment.impact.description=Configured request variable name length limit exceeded - dropped variable; \
 additional_data(0).type=string; \
 additional_data(0).meaning=Variable; \
 additional_data(0).data=$1; \
 last

#DESCRIPTION:Tried to register forbidden variable
#CATEGORY:Hardening Features
#LOG:Jan  2 12:36:27 zoubida suhosin[2258]: ALERT - tried to register forbidden variable '_REQUEST' through GET variables (attacker '62.193.236.107', file '/var/www/zorglub/www/htdocs/index.php')
regex=ALERT - tried to register forbidden variable '(\S+)' through (.*) variables \(attacker '(\S+)', file '(\S+)'\); \
 classification.text=Forbidden variable; \
 id=8002; \
 revision=1; \
 analyzer(0).name=Suhosin; \
 analyzer(0).manufacturer=http://www.hardened-php.net/suhosin/; \
 analyzer(0).class=HIDS; \
 source(0).node.address(0).address=$3; \
 target(0).file(0).path=$4; \
 assessment.impact.completion=failed; \
 assessment.impact.type=other; \
 assessment.impact.severity=low; \
 assessment.impact.description=Tried to register forbidden variable through '$2'; \
 additional_data(0).type=string; \
 additional_data(0).meaning=Variable; \
 additional_data(0).data=$1; \
 last

#DESCRIPTION:Configured variable length limit exceeded
#CATEGORY:Hardening Features
#LOG:Jan 12 17:02:54 zoubida suhosin[27745]: ALERT - configured GET variable value length limit exceeded - dropped variable 'email' (attacker '131.158.223.4', file '/var/www/zorglub/www/htdocs/php/poll.php')
regex=ALERT - configured (\S+) variable value length limit exceeded - dropped variable '(\S+)' \(attacker '(\S+)', file '(\S+)'\); \
 classification.text=Variable length too long; \
 id=8003; \
 revision=1; \
 analyzer(0).name=Suhosin; \
 analyzer(0).manufacturer=http://www.hardened-php.net/suhosin/; \
 analyzer(0).class=HIDS; \
 source(0).node.address(0).address=$3; \
 target(0).file(0).path=$4; \
 assessment.impact.completion=failed; \
 assessment.impact.type=dos; \
 assessment.impact.severity=low; \
 assessment.impact.description=Configured '$1' variable length limit exceeded - dropped variable '$2'; \
 additional_data(0).type=string; \
 additional_data(0).meaning=Variable; \
 additional_data(0).data=$2; \
 last

#DESCRIPTION:ASCII-NUL chars not allowed within request variables
#CATEGORY:Hardening Features
#LOG:Jan 22 19:54:16 zoubida suhosin[2580]: ALERT - ASCII-NUL chars not allowed within request variables - dropped variable 'page' (attacker '85.18.136.89', file '/var/www/zorglub/www/htdocs/index.php')
regex=ALERT - ASCII-NUL chars not allowed within request variables - dropped variable '(\S+)' \(attacker '(\S+)', file '(\S+)'\); \
 classification.text=Invalid characters; \
 id=8004; \
 revision=1; \
 analyzer(0).name=Suhosin; \
 analyzer(0).manufacturer=http://www.hardened-php.net/suhosin/; \
 analyzer(0).class=HIDS; \
 source(0).node.address(0).address=$2; \
 target(0).file(0).path=$3; \
 assessment.impact.completion=failed; \
 assessment.impact.type=other; \
 assessment.impact.severity=low; \
 assessment.impact.description=ASCII-NUL chars not allowed within request variables - dropped variable '$1'; \
 additional_data(0).type=string; \
 additional_data(0).meaning=Variable; \
 additional_data(0).data=$1; \
 last

APT Browse - Built by Thomas Orozco.