
[ossec-list] Active response iptables



Hi there …

I have set up ossec with active response using firewall-drop.sh, but I can’t see deny rules being added to my iptables firewall rules. Here is the ossec log, which says it’s adding the rules, but I can’t see anywhere in my system where the IP is being denied … what am I missing?


/var/ossec/logs/active-responses.log

Fri May 11 01:46:32 SAST 2007 /var/ossec/active-response/bin/host-deny.sh delete - 70.43.201.230 1178840162.4923 3104

Fri May 11 01:46:32 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh delete - 70.43.201.230 1178840162.4923 3104

Fri May 11 02:22:24 SAST 2007 /var/ossec/active-response/bin/host-deny.sh add - 59.39.99.84 1178842944.6383 3104

Fri May 11 02:22:24 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh add - 59.39.99.84 1178842944.6383 3104

Fri May 11 02:31:12 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh add - 221.221.173.175 1178843472.7158 3104

Fri May 11 02:31:12 SAST 2007 /var/ossec/active-response/bin/host-deny.sh add - 221.221.173.175 1178843472.7158 3104

Fri May 11 02:32:42 SAST 2007 /var/ossec/active-response/bin/host-deny.sh delete - 59.39.99.84 1178842944.6383 3104

Fri May 11 02:32:42 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh delete - 59.39.99.84 1178842944.6383 3104

Fri May 11 02:41:42 SAST 2007 /var/ossec/active-response/bin/host-deny.sh delete - 221.221.173.175 1178843472.7158 3104

Fri May 11 02:41:42 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh delete - 221.221.173.175 1178843472.7158 3104

Fri May 11 03:55:44 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh add - 116.21.125.24 1178848544.10311 3104

Fri May 11 03:55:44 SAST 2007 /var/ossec/active-response/bin/host-deny.sh add - 116.21.125.24 1178848544.10311 3104

Fri May 11 04:06:14 SAST 2007 /var/ossec/active-response/bin/host-deny.sh delete - 116.21.125.24 1178848544.10311 3104

Fri May 11 04:06:14 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh delete - 116.21.125.24 1178848544.10311 3104

Fri May 11 04:14:36 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh add - 196.211.168.210 1178849676.11462 3104

Fri May 11 04:14:36 SAST 2007 /var/ossec/active-response/bin/host-deny.sh add - 196.211.168.210 1178849676.11462 3104


--Gareth
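
An added example, not part of the original post or of OSSEC: in the excerpt above each `add` is followed roughly ten minutes later by a `delete` for the same IP, so this Python script pairs the entries per script and IP to report how long each block lasted and which blocks should still be in place at the end of the log. The sample lines are copied from the excerpt; the function names `parse_line` and `summarize` are hypothetical.

```python
from datetime import datetime
import os

# Sample input: a subset of the log lines quoted in the post above.
SAMPLE = """\
Fri May 11 01:46:32 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh delete - 70.43.201.230 1178840162.4923 3104
Fri May 11 02:22:24 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh add - 59.39.99.84 1178842944.6383 3104
Fri May 11 02:32:42 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh delete - 59.39.99.84 1178842944.6383 3104
Fri May 11 04:14:36 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh add - 196.211.168.210 1178849676.11462 3104
Fri May 11 04:14:36 SAST 2007 /var/ossec/active-response/bin/host-deny.sh add - 196.211.168.210 1178849676.11462 3104
"""

def parse_line(line):
    """Split one active-responses.log line; return None if it does not match."""
    f = line.split()
    if len(f) < 10 or f[7] not in ("add", "delete"):
        return None
    try:
        # The timezone token (f[4]) is skipped: all lines share one local zone.
        when = datetime.strptime(" ".join([f[1], f[2], f[3], f[5]]), "%b %d %H:%M:%S %Y")
    except ValueError:
        return None
    return when, os.path.basename(f[6]), f[7], f[9]

def summarize(text):
    """Pair add/delete per (script, ip); return (completed, active, orphan_deletes)."""
    pending, completed, orphans = {}, [], []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        when, script, action, ip = rec
        key = (script, ip)
        if action == "add":
            pending[key] = when          # block requested, not yet removed
        elif key in pending:
            secs = int((when - pending.pop(key)).total_seconds())
            completed.append((script, ip, secs))
        else:
            orphans.append(key)          # delete whose add predates this log
    return completed, pending, orphans

if __name__ == "__main__":
    completed, active, orphans = summarize(SAMPLE)
    for script, ip, secs in completed:
        print(f"{ip} blocked by {script} for {secs}s, then removed")
    for script, ip in sorted(active):
        print(f"{ip} should still be blocked by {script}")
```

Entries reported as still active are the ones to look for in `iptables -L -n` (for firewall-drop.sh) and `/etc/hosts.deny` (for host-deny.sh); entries already paired with a `delete` will no longer appear there.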


OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.