[ossec-list] wishlist idea (script)
Question tossed in the air (for small system admins)
Wish list item for ossec -- a command line option to kill in-process attacks
where from a console you could type:
ossec [+/-] [ip address | network name | subnet ]
to kill an (any) in-progress attack simply and cleanly
where "+" [input] fires a full "level 10" block on that "input"
and "-" would remove it (if you screwed it up)
and the block period should be 24 hours (86400 seconds)
example:
#ossec + 123.123.123.123 >> fires a full (input/output/forward) block on that ip
#ossec - 123.123.123.123 >> clears it
#ossec + bad.haxorz.org >> fires a full (input/output/forward) block on that net name
--lastly--
#ossec + 61.62.63.0/8 blocks that subnet the same way.
Any thoughts?
JSC
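
A sketch of the argument handling such a wrapper would need, as an added example that is not part of the original post and not OSSEC code. The function names, the `protected` list and the `resolve` callback are hypothetical; the planner only builds iptables/ip6tables command strings and an expiry time, it runs nothing, and it flags targets such as the post's 61.62.63.0/8, where the prefix length covers far more than the written address suggests.

```python
import ipaddress

BLOCK_SECONDS = 86400  # 24-hour block period asked for in the post
# "Full" block from the post: (chain, match flag) for input/output/forward.
CHAINS = (("INPUT", "-s"), ("OUTPUT", "-d"), ("FORWARD", "-s"))

def parse_target(target, resolve=None):
    """Turn an IP, CIDR subnet or host name into networks plus warnings."""
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        if resolve is None:
            raise ValueError(f"not an IP or subnet, and no resolver given: {target!r}")
        # A name is resolved once; the block does not follow later DNS changes.
        return [ipaddress.ip_network(a) for a in resolve(target)], []
    warnings = []
    if ipaddress.ip_interface(target).ip != net.network_address:
        warnings.append(f"{target} has host bits set; this blocks all of {net} "
                        f"({net.num_addresses} addresses)")
    return [net], warnings

def plan(action, target, now, protected=(), resolve=None):
    """Build the firewall commands for '+' (block) or '-' (unblock); runs nothing."""
    if action not in ("+", "-"):
        raise ValueError("action must be '+' or '-'")
    nets, warnings = parse_target(target, resolve)
    flag = "-I" if action == "+" else "-D"
    commands = []
    for net in nets:
        if action == "+":
            # Refuse a block that would cut off an address the admin depends on.
            for addr in protected:
                if ipaddress.ip_address(addr) in net:
                    raise ValueError(f"{net} contains protected address {addr}")
        tool = "iptables" if net.version == 4 else "ip6tables"
        commands += [f"{tool} {flag} {chain} {match} {net} -j DROP"
                     for chain, match in CHAINS]
    expires = now + BLOCK_SECONDS if action == "+" else None
    return {"commands": commands, "expires": expires, "warnings": warnings}

if __name__ == "__main__":
    # Constructed sample run using the subnet example from the post.
    result = plan("+", "61.62.63.0/8", now=0, protected=["192.0.2.10"])
    print("\n".join(result["commands"] + result["warnings"]))
```

The caller is expected to schedule the matching "-" plan at the returned `expires` time.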
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.