Difference between revisions of "HIDS 38001"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "'''Rule ID''' 38001 '''Message''' Plesk saslauthd Failed mail authenticatication attempt '''Description''' This rule detects when Plesk's sassauthd daemon records a s...")
 
m
Line 10: Line 10:
 
'''Description'''   
 
'''Description'''   
  
This rule detects when Plesk's sassauthd daemon records a single authentication failure.  
+
This rule detects when Plesk's sassauthd daemon records a single authentication failure.
  
 +
Note:  ASL does not cause this event to occur, it simply reports when this event occurs.
  
 
'''False Positives'''
 
'''False Positives'''
  
 
There are no known false positive for this rule.   
 
There are no known false positive for this rule.   
 +
 +
Disabling this rule will not prevent Plesk from rejecting the users mail connections.  It will simply prevent ASL from reporting or tracking these failed authentication attempts.  Disabling this rule will also prevent ASL from responding to brute force attacks against the mail server.
 +
  
 
'''Tuning Recommendations'''
 
'''Tuning Recommendations'''

Revision as of 15:34, 6 March 2017

Rule ID

38001

Message

Plesk saslauthd Failed mail authenticatication attempt


Description

This rule detects when Plesk's sassauthd daemon records a single authentication failure.

Note: ASL does not cause this event to occur, it simply reports when this event occurs.

False Positives

There are no known false positive for this rule.

Disabling this rule will not prevent Plesk from rejecting the users mail connections. It will simply prevent ASL from reporting or tracking these failed authentication attempts. Disabling this rule will also prevent ASL from responding to brute force attacks against the mail server.


Tuning Recommendations

None.

Similar Rules

None.


Knowledge Base Articles

None.

Outside References

None.

Notes

None.

Personal tools