[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Whitelisting questions

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Whitelisting questions
From: Dimitri Yioulos <dyioulos@xxxxxxxxxxxxx>
Date: Wed, 9 Aug 2006 08:50:17 -0400
Content-disposition: inline
Content-transfer-encoding: quoted-printable

Hello list members.

In order to use various tools on my OSSEC-HIDS server and agent boxes, 
I've whitelisted my two  desktop boxes - WinXP and SimplyMepis Linux.  
From the Linux desktop, using cli ssh and sftp tools, I have no 
trouble getting into the OSSEC-HIDS server or agents.  From the 
Windows desktop, however, I keep getting added to hosts.deny when 
using either Putty (ssh) or WinSCP3 (sftp).  I then have to remove 
the entry fr the WinXP desktop from hosts.deny and restart the 
OSSEC-HIDS server (merely removing the entry from hosts.deny doesn't 
work).  I have, as per instruction, added a separate entry in 
ossec.conf for each LAN address I want to whitelist.  Is this a 
possible bug, or am I doing something wrong?

I tried whitelisting my entire LAN by adding 
<white_list>192.168.100.0/22</white_list>, but that didn't seem to 
work.  If this isn't something I'm doing wrong, might I suggest 
adding this ability in a future release?

Regards,

Dimitri

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Follow-Ups:
- [ossec-list] Re: Whitelisting questions
  - From: Ahmet Ozturk
- [ossec-list] Re: Whitelisting questions
  - From: Daniel Cid

Prev by Date: [ossec-list] Re: ZK Rootkit
Next by Date: [ossec-list] Re: Whitelisting questions
Previous by thread: [ossec-list] queries on configuring ossec
Next by thread: [ossec-list] Re: Whitelisting questions
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.