On Tuesday 19 September 2006 07:28, Leonardo Goldim wrote:
Leonardo,
Attached ..
Now I may have not been clear. The whitelist does work properly on the
server .. But agent nodes I don't see a white list facility at all ..
The ip is in this range where my "Chatty" NMS lives is below .. opennms is the
software used.
207.210.240.0/24
> Hello Francesca,
>
> please send you ossec.conf for we can help you.
--
Kindest Regards,
Francesca Smith
"No Problems Only Solutions"
Lady Linux Internet Services
Baltimore, Maryland 21217
yes
[EMAIL PROTECTED]
mail.linuxgal.com.
[EMAIL PROTECTED]
rules_config.xml
pam_rules.xml
sshd_rules.xml
telnetd_rules.xml
syslog_rules.xml
arpwatch_rules.xml
pix_rules.xml
named_rules.xml
smbd_rules.xml
vsftpd_rules.xml
pure-ftpd_rules.xml
proftpd_rules.xml
hordeimp_rules.xml
web_rules.xml
apache_rules.xml
ids_rules.xml
squid_rules.xml
firewall_rules.xml
netscreenfw_rules.xml
postfix_rules.xml
sendmail_rules.xml
imapd_rules.xml
mailscanner_rules.xml
racoon_rules.xml
spamd_rules.xml
msauth_rules.xml
attack_rules.xml
7200
/etc,/usr/bin,/usr/sbin
/bin,/sbin
/etc/mtab
/etc/mnttab
/etc/hosts.deny
/etc/mail/statistics
/etc/random-seed
/etc/adjtime
/etc/httpd/logs
/etc/utmpx
/etc/wtmpx
C:\WINDOWS/System32/LogFiles
C:\WINDOWS/WindowsUpdate.log
C:\WINDOWS/system32/wbem/Logs
C:\WINDOWS/Prefetch
C:\WINDOWS/PCHEALTH/HELPCTR/DataColl
C:\WINDOWS/SoftwareDistribution/DataStore
C:\WINDOWS/SoftwareDistribution/ReportingEvents.log
C:\WINDOWS/Temp
C:\WINDOWS/system32/config/systemprofile/Local Settings
C:\WINDOWS/system32/config
/var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/rootkit_trojans.txt
127.0.0.1
216.37.34.0/24
206.123.73.0/24
207.210.240.0/24
70.22.127.181
syslog
secure
1
7
host-deny
host-deny.sh
srcip
yes
firewall-drop
firewall-drop.sh
srcip
yes
disable-account
disable-account.sh
user
yes
host-deny
local
6
600
firewall-drop
local
6
600
apache
/hsphere/local/var/httpd/logs/error_log
apache
/hsphere/local/var/httpd/logs/access_log
syslog
/hsphere/local/var/proftpd/auth.log
syslog
/var/log/messages
syslog
/var/log/auth.log
syslog
/var/log/userlog
syslog
/var/log/security
syslog
/hsphere/local/var/proftpd/xferlog
syslog
/var/log/maillog
