<active-response>
  <!-- This response is going to execute the host-deny
     - command for every event that fires a rule with
     - level (severity) >= 6.
     - The IP is going to be blocked for 300 seconds.
    -->
  <command>host-deny</command>
  <location>local</location>
  <level>6</level>
  <timeout>300</timeout>
</active-response>
<active-response>
  <!-- Firewall Drop response. Block the IP for
     - 300 seconds on the firewall (iptables,
     - ipfilter, etc).
    -->
  <command>firewall-drop</command>
  <location>local</location>
  <level>6</level>
  <timeout>300</timeout>
</active-response>
And btw which version of ossec are you using?
2006/9/19, Francesca Smith <[EMAIL PROTECTED]>:
On Tuesday 19 September 2006 12:42, Rafael Capovilla wrote:
Hello,
I am not being very clear here :-)
I have a central Network Monitoring Station. It regularly polls all my servers
worldwide to check on health.
I added that NMS IP to my server node during installation as a whitelisted IP.
Yet agent node machines are still auto-blocking this IP, causing the NMS,
of course, to think they are offline.
I have done all the usual stuff such as restarting ossec etc.
Server node is a FreeBSD 5.5 server and Agent nodes are CentOS 4.4.
> Why do you want white_list on agent side if it is controlled on server
> side? Do you want to white_list some ips for just a few agents instead of
> all?
>
> 2006/9/19, Francesca Smith <[EMAIL PROTECTED]>:
> > On Tuesday 19 September 2006 12:27, Rafael Capovilla wrote:
> > Hello,
> >
> > That's exactly the issue.
> >
> > The IP is listed on the server but I am still getting blocks on agent
> > nodes.
> >
> > > You don't need white_list on the agent side, the server controls everything
> > > about active-responses.
> > >
> > > 2006/9/19, Francesca Smith <[EMAIL PROTECTED] >:
> > > > On Tuesday 19 September 2006 07:28, Leonardo Goldim wrote:
> > > > Leonardo,
> > > >
> > > > Attached ..
> > > >
> > > > Now I may have not been clear. The whitelist does work properly on
> > > > the server .. But agent nodes I don't see a white list facility at
> > > > all ..
> > > >
> > > > The ip is in this range where my "Chatty" NMS lives is below .. opennms
> > > > is the software used.
> > > >
> > > > 207.210.240.0/24
> > > >
> > > > > Hello Francesca,
> > > > >
> > > > > > please send your ossec.conf so we can help you.
> > > >
> > > > --
> > > > Kindest Regards,
> > > >
> > > > Francesca Smith
> > > >
> > > > "No Problems Only Solutions"
> > > > Lady Linux Internet Services
> > > > Baltimore, Maryland 21217
--
Certified LPIC -1
http://www.underlinux.com.br
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
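
A way to check the point discussed in this thread, that the manager's ossec.conf actually lists the NMS address in a `<white_list>` entry alongside the active-response blocks. This is an added example, not part of the original messages; the sample config is constructed from the blocks and the range quoted above, and the function name `audit` and the address 207.210.240.10 are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: a manager-side ossec.conf fragment using the
# active-response blocks and the NMS range quoted in the thread.
SAMPLE_CONF = """
<ossec_config>
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>207.210.240.0/24</white_list>
  </global>
  <active-response>
    <command>host-deny</command>
    <location>local</location>
    <level>6</level>
    <timeout>300</timeout>
  </active-response>
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <level>6</level>
    <timeout>300</timeout>
  </active-response>
</ossec_config>
"""

def audit(conf_text, ip):
    """Return (matching white_list entry or None, active-response summary)."""
    # ossec.conf may hold several <ossec_config> roots, so wrap before parsing.
    root = ET.fromstring("<wrap>" + conf_text + "</wrap>")
    addr = ipaddress.ip_address(ip)
    match = None
    for node in root.iter("white_list"):
        entry = (node.text or "").strip()
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # hostnames and malformed entries are skipped here
        if addr in net and match is None:
            match = entry
    responses = [
        {tag: (ar.findtext(tag) or "").strip()
         for tag in ("command", "location", "level", "timeout")}
        for ar in root.iter("active-response")
    ]
    return match, responses

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "207.210.240.10"))
```

Run it against the manager's own ossec.conf text; a `None` match means no `<white_list>` entry covers the address being blocked.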
