[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Active response - firewall

To: ossec-list@xxxxxxxxx
Subject: [ossec-list] Active response - firewall
From: Dimitri Yioulos <dyioulos@xxxxxxxxxxxxx>
Date: Tue, 8 Aug 2006 16:52:59 -0400

Hello to all.

First, congratulations to the development team on an exellent piece of 
software (recognized by SANS, no less)!  It was easy to install, and 
tweaking to one's own specifications is straightforward.  I very much 
look forward to future releases.

Apologies if this is completely lame, but one tweak that I'd like some 
help on is firewalling.  I have installed ossec-hids on a separate 
server, and added the agent piece to other server which mainly sit in 
a DMZ.  I have iptables/router on yet another box that has been 
serving my organization admirabley (I'd also like to monitor this box 
with ossec-hids).

What I'd like to do use the iptables/router box to be the recipient of 
ip addresses added to the deny list, rather than the ossec-hids 
server.  I'm thinking that this should be possible, but don't know 
how to do it.  Can someone help?

Many thanks, and best wishes.

Dimitri

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Follow-Ups:
- [ossec-list] Re: Active response - firewall
  - From: Lars Scheithauer
- [ossec-list] Re: Active response - firewall
  - From: Daniel Cid

Prev by Date: [ossec-list] Re: ossec 0.9 under Mac OS X
Next by Date: [ossec-list] Re: OSSEC 0.9 Cannot send email
Previous by thread: [ossec-list] Re: 0.9 rootkit false positives with files > 2GB?
Next by thread: [ossec-list] Re: Active response - firewall
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.