
[ossec-list] Re: iptables question



On Mon, 2006-07-17 at 21:45 +0300, oahmet wrote:
> Hi Stephen,
> 
> Please be sure that you enabled the active response on ossec-conf
> file. (Ref: http://www.ossec.net/en/manual.html#active-response-config).
> 
> Then, please verify you have related entries in
> /var/ossec/active-response/ossec-hids-responses.log.
> For example, I have the following line for an attacking IP:
> 
> Mon Jul 17 21:34:54 EEST 2006 /var/ossec/active-response/bin/firewall-drop.sh add null 192.1681.4
> 
> Btw, to check whether firewall-drop.sh works, you may execute the
> command above by hand and see if it adds the IP to ipfilter.
> 
> Regards,
> 
> Ahmet Ozturk.
Thanks for the response.  Yes, I found the logs yesterday.
I wasn't paying attention when I installed as to where the logs were
being kept, but I have verified that active-response is working.. kind
of funny actually because I locked myself out of my machine while I was
still looking for the logs when I ran a scan against my machine.. :)
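
Added example (not part of the original thread and not OSSEC project code): a small Python check that replays entries in the format of the log line quoted above and reports which addresses are still blocked, which entries carry an address that does not parse, and whether an address you administer from is among the blocked ones. The `delete` action, the sample lines and the `admin_ips` parameter are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample in the format of the line quoted in this thread.
# Assumption: a "delete" entry is written when a block is lifted.
SAMPLE_LOG = """\
Mon Jul 17 21:34:54 EEST 2006 /var/ossec/active-response/bin/firewall-drop.sh add null 192.0.2.10
Mon Jul 17 21:40:12 EEST 2006 /var/ossec/active-response/bin/firewall-drop.sh add null 198.51.100.7
Mon Jul 17 21:44:55 EEST 2006 /var/ossec/active-response/bin/firewall-drop.sh delete null 192.0.2.10
Mon Jul 17 21:50:01 EEST 2006 /var/ossec/active-response/bin/firewall-drop.sh add null 192.1681.4
"""

# Fields: timestamp, script path, action, user field, source address.
LINE_RE = re.compile(
    r"^(?P<ts>.+?)\s+(?P<script>/\S+)\s+(?P<action>add|delete)"
    r"\s+(?P<user>\S+)\s+(?P<ip>\S+)\s*$"
)


def summarize(log_text, admin_ips=()):
    """Replay add/delete entries.

    Returns (still_blocked, unparsable_addresses, blocked_admin_addresses).
    admin_ips is a hypothetical list of addresses you administer the host from.
    """
    blocked = {}      # parsed address -> timestamp of the last "add"
    unparsable = []   # address fields that are not valid IPv4/IPv6
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an active-response entry
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            unparsable.append(m["ip"])
            continue
        if m["action"] == "add":
            blocked[ip] = m["ts"]
        else:
            blocked.pop(ip, None)
    admins = {ipaddress.ip_address(a) for a in admin_ips}
    lockout = sorted(str(ip) for ip in blocked if ip in admins)
    return sorted(str(ip) for ip in blocked), unparsable, lockout


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, admin_ips=["198.51.100.7"]))
```

To run it against a real host, pass the contents of /var/ossec/active-response/ossec-hids-responses.log as `log_text`.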

