[ossec-dev] Re: various minor configuration suggestions
Hi Daniel,
Thanks for rolling in the changes. A few quick comments below.
On Fri, Jun 22, 2007 at 07:14:36PM -0300, Daniel Cid wrote:
> > ossec.conf:
> > <syscheck>
> > <ignore>/etc/dumpdates</ignore>
> > <ignore>/etc/svc/volatile</ignore>
>
> Thanks. Just added those to CVS.
Here is another one that does not update quite as frequently:
<ignore>/etc/logadm.conf</ignore>
(As Solaris's logadm rolls the log files it writes the date it last
rolled each log file into this file.)
> > # ipfstat -ih | grep "block in quick"
> > 0 block in quick from 124.10.89.38/32 to any group 100
> > 3 block in quick from 221.202.15.161/32 to any group 100
> > 0 block in quick from 72.184.61.130/32 to any group 100
>
> I don't use ipfilter, so I can't really test it. You mean at the end
> of the argument:
>
> ARG2="\"@1 block in quick from ${IP} to any\""
>
> Adding "group X"?
Exactly.
> Can you try the following version with your SMF rules and the new entries to
> the syscheck ignore?
>
> http://www.ossec.net/files/snapshots/ossec-hids-070622.tar.gz
I tried 070625 out and everything works great.
Thanks again,
logan
--
PGP/GPG Key: http://www.gedanken.org/logan/pubkey.asc
Fingerprint: 320C E05B 4BFB A8C4 FC7A C06C 88D7 B840 BD56 AF78
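An added example, not part of the thread and not OSSEC's own active-response script, illustrating the "group X" point above: in ipfilter, a rule with no group clause lands in the default group 0, so an active-response block rule only takes effect inside an SMF-style ruleset built around `head 100` if it carries `group 100`. The helper names `build_block_rules` and `find_block_group` are hypothetical, and the `ipfstat -ih` listing is constructed from the lines quoted in the thread.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from OSSEC): build ipfilter block
# rules with an optional group tag, and check a captured "ipfstat -ih"
# listing to confirm which group an existing block rule ended up in.

# Emit the inbound and outbound block rules for IP $1. If $2 is a non-empty
# group number, append "group $2" so the rules are placed in that ipfilter
# group instead of the default group 0 (where a "head 100" ruleset would
# never evaluate them).
build_block_rules() {
    ip="$1"
    group="$2"
    suffix=""
    if [ -n "$group" ]; then
        suffix=" group $group"
    fi
    printf '%s\n' "@1 block in quick from ${ip} to any${suffix}"
    printf '%s\n' "@1 block out quick from any to ${ip}${suffix}"
}

# Constructed sample of "ipfstat -ih" output: hit count, then the rule text.
SAMPLE_IPFSTAT='0 block in quick from 124.10.89.38/32 to any group 100
3 block in quick from 221.202.15.161/32 to any group 100
0 block in quick from 72.184.61.130/32 to any group 100
7 block in quick from 198.51.100.9/32 to any'

# Read an ipfstat listing on stdin and print the group number of the inbound
# block rule for IP $1 ("0" when the rule has no group clause). Returns 1 and
# prints nothing when no block rule for that IP is loaded.
find_block_group() {
    # Escape dots so grep matches the address literally.
    ip_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    line=$(grep "block in quick from ${ip_re}/32 to any" | head -n 1)
    [ -n "$line" ] || return 1
    case "$line" in
        *" group "*) printf '%s\n' "${line##* group }" ;;
        *) echo 0 ;;
    esac
}

# Usage: the rules an active-response script would feed to "ipf -f -" for an
# address, tagged for group 100, and a check of the sample listing.
build_block_rules 203.0.113.4 100
printf '%s\n' "$SAMPLE_IPFSTAT" | find_block_group 221.202.15.161
```

The check on the listing is the verification step worth keeping in an active-response test: after the script runs, the rule for the blocked address should show up under the expected group, and a rule that shows no group clause (group 0 here) is the symptom that the suffix was missing.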
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.