[ossec-list] Re: iptables question
Just a reminder that ossec by default only blocks for 10 minutes. So, if
you look later, you will not see the ip address in the iptables list.
--
Daniel B. Cid
dcid ( at ) ossec.net
On 7/17/06, oahmet <oahmet@xxxxxxxxxxx> wrote:
>
> Hi Stephen,
>
> Please be sure that you enabled the active response on ossec-conf
> file. (Ref: http://www.ossec.net/en/manual.html#active-response-config).
>
> then, please verify you have related entries in
> /var/ossec/active-response/ossec-hids-responses.log.
> For example I have the following line for an attacking IP;
>
>
> Mon Jul 17 21:34:54 EEST 2006
> /var/ossec/active-response/bin/firewall-drop.sh add null 192.1681.4
>
> Btw, to check whether firewall-drop.sh works, you may execute the
> command above by hand and see if it adds the ip to ipfilter.
>
> Regards,
>
> Ahmet Ozturk.
>
>
>
> Stephen Bunn wrote:
> > Hello all,
> >
> > I have set up ossec to add iptables rules when it detects a
> > scan/attack, but I don't think this is happening.. how can I verify that
> > this is occurring?
> >
>
> >
>
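
The checks discussed in this thread, combined into one script as an added example (not part of the original messages and not OSSEC code): it reads the active-response log, keeps the latest firewall-drop.sh action per IP, and reports addresses that should still be blocked but have no DROP rule. It assumes each log entry sits on one line, that the timeout removal is logged as a `delete` call, and that the firewall listing is a saved copy of `iptables -L INPUT -n`; the sample data is constructed.

```shell
#!/bin/sh
# Added example (not OSSEC code). Assumes one log entry per line:
#   <date> <path>/firewall-drop.sh <add|delete> <user> <ip>

# Print IPs whose most recent firewall-drop.sh action in log $1 is "add".
expected_blocked() {
    awk '
        {
            for (i = 1; i <= NF - 3; i++)
                if ($i ~ /firewall-drop\.sh$/) { state[$(i + 3)] = $(i + 1); break }
        }
        END { for (ip in state) if (state[ip] == "add") print ip }
    ' "$1" | sort
}

# Print expected-blocked IPs with no DROP rule in $2, a saved copy of
# `iptables -L INPUT -n` output (columns: target prot opt source destination).
missing_rules() {
    expected_blocked "$1" | while read -r ip; do
        awk -v ip="$ip" '$1 == "DROP" && $4 == ip { f = 1 } END { exit !f }' "$2" \
            || echo "$ip"
    done
}

# Constructed sample data (documentation addresses), so the script runs offline.
SAMPLE_DIR=$(mktemp -d)
SAMPLE_LOG=$SAMPLE_DIR/ossec-hids-responses.log
SAMPLE_FW=$SAMPLE_DIR/iptables.txt
AR=/var/ossec/active-response/bin/firewall-drop.sh
cat > "$SAMPLE_LOG" <<EOF
Mon Jul 17 21:34:54 EEST 2006 $AR add null 192.0.2.10
Mon Jul 17 21:40:02 EEST 2006 $AR add null 192.0.2.20
Mon Jul 17 21:44:54 EEST 2006 $AR delete null 192.0.2.10
Mon Jul 17 21:46:10 EEST 2006 $AR add null 192.0.2.30
EOF
cat > "$SAMPLE_FW" <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  192.0.2.20           0.0.0.0/0
EOF

echo "log says blocked now:"; expected_blocked "$SAMPLE_LOG"
echo "missing from iptables:"; missing_rules "$SAMPLE_LOG" "$SAMPLE_FW"
```

An address whose latest entry is `delete` has already timed out, which is the case Daniel describes; an address printed by `missing_rules` means the script was called but the rule did not land.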