-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Francesca Smith wrote:
> Hello,
>
> FreeBSD does not use /etc/hosts.deny but rather inserts all wrapper rules
> into /etc/hosts.allow.
>
> Also the formatting is ALL: XXX.XXX.XXX.XXX: deny.
>
> I am wondering just what part of the code will I have to hack up to insert
> this. And if this has been noticed or considered already ??

I don't use the active-response features, so take this with a grain of salt.
My understanding is that when an active-response (AR) rule is triggered, the
appropriate "action" is taken. That action is defined in your ossec.conf, and
is usually deny-host.sh or something of your own design. That being said, you
should be able to tailor the AR to whatever your system requires.

>
> Previously I have taken to doing an include statement in /etc/hosts.allow to a
> file like /etc/hosts.evil with the temporary block rules in there.
>
> Rules apply from top to bottom and the first rule "sticks" and later rules do
> not apply. So I usually place this include statement before any rules for
> sshd access lockdown for example.
>

- -- 
gentux
echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239 D840 4CF0 39E2 18D3 4A9E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFIokVTPA54hjTSp4RAm13AKDPD8bC6ATv3MrZvDUv8c71o0uPwACg58/M
KrEY7tpB0QQLHrn5/T6A+10=
=BZjL
-----END PGP SIGNATURE-----
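
A custom active-response action along the lines discussed in this thread, as an added example (not code from either poster or from OSSEC): it adds and removes rules in the `ALL: <ip>: deny` form in a separate block file. Assumptions: the script is called as `<add|delete> <user> <srcip>`, the block file is the `/etc/hosts.evil` named above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: keep temporary tcp_wrappers deny rules in their own file.
# Assumption: the file name follows the /etc/hosts.evil mentioned in the thread.
BLOCK_FILE="${BLOCK_FILE:-/etc/hosts.evil}"

# Accept only a dotted-quad IPv4 address, so nothing else carried in an alert
# (colons, spaces, keywords such as ALL) can be written into the rules file.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Rule text in the format quoted in the thread.
rule_for() { printf 'ALL: %s: deny\n' "$1"; }

block_ip() {
    valid_ipv4 "$1" || return 2
    touch "$BLOCK_FILE" || return 1
    # -x whole line, -F fixed string: repeated alerts do not duplicate the rule
    grep -qxF "$(rule_for "$1")" "$BLOCK_FILE" || rule_for "$1" >> "$BLOCK_FILE"
}

unblock_ip() {
    valid_ipv4 "$1" || return 2
    [ -f "$BLOCK_FILE" ] || return 0
    tmp=$(mktemp "${BLOCK_FILE}.XXXXXX") || return 1
    # grep exits 1 when the result is empty; only status 2 is a real error
    grep -vxF "$(rule_for "$1")" "$BLOCK_FILE" > "$tmp" || [ $? -eq 1 ] ||
        { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$BLOCK_FILE"   # rewrite in place to keep owner and mode
    rm -f "$tmp"
}

# Assumed argument order: action, user, source IP.
ar_dispatch() {
    case "$1" in
        add)    block_ip "$3" ;;
        delete) unblock_ip "$3" ;;
        *)      return 64 ;;
    esac
}

[ "$#" -eq 0 ] || ar_dispatch "$@"
```

How the block file is referenced from `/etc/hosts.allow`, and where that reference sits relative to the sshd rules, is left as described in the quoted message.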
