
[ossec-list] Re: <active-response>



Tiago,

If you look at the docs:
http://www.ossec.net/en/manual.html#active-response
...under 'risk mitigation' this is explained very clearly. You use the 
whitelist. Edit ossec.conf and search for the term 'white_list'. You 
should find a section like this:

<global>
    <white_list>127.0.0.1</white_list>
    <white_list>12.34.67.112</white_list>
    <white_list>www.google.com</white_list>
    <white_list>202.55.37.11</white_list>
</global>

You just add a new entry for each IP you want to never get blocked.

--
Thorne Lawler

Technical Consultant
ICT Outsourcing Services | Infrastructure Services | Unix Storage and 
Delivery
KAZ Group Pty Ltd
360 Elizabeth Street | Melbourne Victoria 3000
(03) 9631 1747 | 0408 491 552 | Fax: (03) 9654 7334
thorne.lawler@xxxxxxxxxxxxx  |  www.kaz-group.com
--------------------------------------------------------------------------------
This communication may contain confidential information and/or copyright
material of KAZ Group Pty Ltd ABN 25 002 124 405 and its related bodies
corporate.  It may also be the subject of legal professional privilege. If
you are not an intended recipient, you must not keep, forward, copy, use,
save or rely on this communication and any such action is unauthorised and
prohibited.
If you have received this communication in error, please reply to this
e-mail to notify the sender of its incorrect delivery, and then delete both
it and your reply




Tiago Dias <tux.tiago@xxxxxxxxx>
Sent by: ossec-list@xxxxxxxxxxxxxxxx
24/05/2007 09:24 PM
Please respond to: ossec-list@xxxxxxxxxxxxxxxx
To: ossec-list@xxxxxxxxx
cc:
Subject: [ossec-list] <active-response>






All,

Is it possible to create exceptions for <active-response>? If yes,
can I create exceptions for IP and port?
How do I do that?

Att,


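An added example, not part of the original messages or the OSSEC project's code: a small audit script that reads the white_list entries described in the reply above and reports which addresses that must never be blocked are still uncovered. The sample configuration is constructed from the quoted fragment; the 192.0.2.0/24 netblock entry, the checked addresses and the function names are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the fragment quoted in the reply above.
# The 192.0.2.0/24 netblock entry is an assumption added for illustration.
SAMPLE_CONF = """
<ossec_config>
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>12.34.67.112</white_list>
    <white_list>www.google.com</white_list>
    <white_list>192.0.2.0/24</white_list>
  </global>
</ossec_config>
"""

def load_white_list(conf_text):
    """Return (networks, hostnames) from every <white_list> element."""
    # Wrap in a synthetic root so a file with several top-level
    # <ossec_config> blocks still parses as one XML document.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    networks, hostnames = [], []
    for node in root.iter("white_list"):
        value = (node.text or "").strip()
        if not value:
            continue
        try:
            # strict=False accepts both a single IP and a CIDR netblock.
            networks.append(ipaddress.ip_network(value, strict=False))
        except ValueError:
            hostnames.append(value)  # not an IP; cannot be checked offline
    return networks, hostnames

def missing_from_white_list(conf_text, must_never_block):
    """Return the addresses in must_never_block that no entry covers."""
    networks, _ = load_white_list(conf_text)
    missing = []
    for addr in must_never_block:
        ip = ipaddress.ip_address(addr)
        if not any(ip.version == net.version and ip in net for net in networks):
            missing.append(addr)
    return missing

if __name__ == "__main__":
    nets, hosts = load_white_list(SAMPLE_CONF)
    print("hostname entries (resolve and check by hand):", hosts)
    print("not whitelisted:", missing_from_white_list(
        SAMPLE_CONF, ["12.34.67.112", "192.0.2.40", "198.51.100.7"]))
```

Hostname entries are reported separately because the script does no DNS lookups; resolve them by hand before relying on them to protect a given address.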




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.