[ossec-list] Re: iptables question
Hi Stephen,
Please be sure that you enabled the active response in the ossec-conf
file (Ref: http://www.ossec.net/en/manual.html#active-response-config).
Then, please verify you have related entries in
/var/ossec/active-response/ossec-hids-responses.log.
For example, I have the following line for an attacking IP:
Mon Jul 17 21:34:54 EEST 2006
/var/ossec/active-response/bin/firewall-drop.sh add null 192.1681.4
Btw, to check whether firewall-drop.sh works, you may execute the
command above by hand and see if it adds the IP to ipfilter.
Regards,
Ahmet Ozturk.
Stephen Bunn wrote:
> Hello all,
>
> I have set up ossec to add iptables rules when it detects a
> scan/attack, but I don't think this is happening. How can I verify that
> this is occurring?
>
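
The check described in the reply above can be scripted. This is an added example, not part of the original thread and not OSSEC code: it reads the active-response log, works out which IPs should still be blocked, and lists those with no matching iptables rule. The function names, the log field layout (taken from the quoted line) and the rule form `-A INPUT -s <ip> -j DROP` as printed by `iptables -S INPUT` are assumptions; the sample data is constructed.

```shell
#!/bin/sh
# Added example, not OSSEC code. Log layout assumed from the quoted line:
#   <date ...> <path>/firewall-drop.sh <add|delete> <user> <ip> [...]

# expected_blocks LOG: IPs whose latest firewall-drop.sh action is "add".
expected_blocks() {
    awk '{
        for (i = 1; i <= NF - 3; i++)
            if ($i ~ /\/firewall-drop\.sh$/) {
                if ($(i + 1) == "add") state[$(i + 3)] = 1
                else if ($(i + 1) == "delete") state[$(i + 3)] = 0
                break
            }
    }
    END { for (ip in state) if (state[ip]) print ip }' "$1" | sort
}

# missing_blocks LOG RULES: expected IPs that have no INPUT DROP rule.
# RULES is a file holding the output of `iptables -S INPUT` (assumed format).
missing_blocks() {
    expected_blocks "$1" | while read -r ip; do
        pat=$(printf '%s' "$ip" | sed 's/\./\\./g')   # escape dots for grep
        grep -Eq -- "^-A INPUT -s ${pat}(/32)? -j DROP\$" "$2" || echo "$ip"
    done
}

# Constructed sample data (documentation-range addresses), so this runs offline.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/log" <<'EOF'
Mon Jul 17 21:34:54 EEST 2006 /var/ossec/active-response/bin/firewall-drop.sh add null 192.0.2.10
Mon Jul 17 21:40:02 EEST 2006 /var/ossec/active-response/bin/firewall-drop.sh add null 198.51.100.7
Mon Jul 17 21:44:54 EEST 2006 /var/ossec/active-response/bin/firewall-drop.sh delete null 192.0.2.10
Mon Jul 17 21:50:11 EEST 2006 /var/ossec/active-response/bin/firewall-drop.sh add null 203.0.113.5
EOF
    cat > "$tmp/rules" <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 198.51.100.7/32 -j DROP
EOF
    missing_blocks "$tmp/log" "$tmp/rules"   # IPs logged as added but not in the rules
    rm -rf "$tmp"
}
demo
```

On a live host, save `iptables -S INPUT` to a file and pass it with /var/ossec/active-response/ossec-hids-responses.log to missing_blocks; any IP it prints was logged as added but is not in the rule set.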