Hi Dimitri,
If it's not a problem for you, please send them to list.
It would be good for list members to see them.
Someone may have different ideas then mine. :)
Regards,
Ahmet Ozturk.
Dimitri Yioulos wrote:
Yes. May I send these to you OL?
Dimitri
On Wednesday August 09 2006 9:33 am, Ahmet Ozturk wrote:
Hi again,
I'll test windows agent at home tonight.
Can you send us your ossec.conf file and related alert logs?
Regards,
Ahmet Ozturk.
Dimitri Yioulos wrote:
Thanks, Ahmet.
Might you have any idea why my WinXP box keeps getting blocked
when using the ssh and ftp tools, even though it's whitelisted?
Dimitri
On Wednesday August 09 2006 9:12 am, Ahmet Ozturk wrote:
Hi Dimitri,
OSSEC-HIDS configuration only accepts CIDRs /8 /16 /24 /32.
Please see Rafael Capovilla's solution.
(http://www.ossec.net/ossec-list/2006-August/msg00063.html)
I think Meir Michanie will correct this issue soon.
Since you have only two agent boxes, you may define them
seperately in config file like:
<white_list>192.168.100.xx/32</white_list>
<white_list>192.168.100.yyy/32</white_list>
Regards,
Ahmet Ozturk.
Dimitri Yioulos wrote:
Hello list members.
In order to use various tools on my OSSEC-HIDS server and agent
boxes, I've whitelisted my two desktop boxes - WinXP and
SimplyMepis Linux.
>From the Linux desktop, using cli ssh and sftp tools, I have
no
trouble getting into the OSSEC-HIDS server or agents. From the
Windows desktop, however, I keep getting added to hosts.deny
when using either Putty (ssh) or WinSCP3 (sftp). I then have
to remove the entry fr the WinXP desktop from hosts.deny and
restart the OSSEC-HIDS server (merely removing the entry from
hosts.deny doesn't work). I have, as per instruction, added a
separate entry in ossec.conf for each LAN address I want to
whitelist. Is this a possible bug, or am I doing something
wrong?
I tried whitelisting my entire LAN by adding
<white_list>192.168.100.0/22</white_list>, but that didn't seem
to work. If this isn't something I'm doing wrong, might I
suggest adding this ability in a future release?
Regards,
Dimitri
