[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: White-list for a network

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: White-list for a network
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Tue, 20 Jun 2006 23:05:14 -0300

Hi Jorge,

White listing with CIDR should work. Remember that the white_list option must
be inside the "global" section. Something like that:

  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>10.0.0.0/8</white_list>
  </global>

What error are you getting? Did you restart ossec after adding the
IP there? With white listing, you will still see the alert, but no
response will be taken. Is there anything on
/var/ossec/active-response/ossec-hids-responses.log regarding
any IP on this network?

Thanks,

--
Daniel B. Cid
dcid @ ( at ) ossec.net

On 6/20/06, Jorge Augusto Senger <jorge@xxxxxxxxxxx> wrote:
>
> Hy Daniel,
>
> I need do add a C class in the white-list (10.0.0.0/8). It's possible?
> With these line on osse.conf the rule doesn't work:
>     <white_list>10.0.0.0/8</white_list>
>
> Thanks
> Jorge
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
-~----------~----~----~----~------~----~------~--~---

References:
- [ossec-list] Re: ossec was finished work unexpectedly
  - From: Oleksander Panchuk
- [ossec-list] White-list for a network
  - From: Jorge Augusto Senger

Prev by Date: [ossec-list] Horde worm in the wild.
Next by Date: [ossec-list] OSSEC ranked #2 on IDS tools and #56 on top security tools
Previous by thread: [ossec-list] White-list for a network
Next by thread: [ossec-list] Re: vsftpd rule
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.