On Tuesday 03 October 2006 12:00, gentuxx wrote:

Hiya,

Thanks for that .. :-)

But maybe I need to re-phrase. Where would I edit the code to allow this and also have it not be overwritten with each update ?? Or is this even possible without a rewrite for FreeBSD ??

> Francesca Smith wrote:
> > Hello,
> >
> > FreeBSD does not use /etc/hosts.deny but rather inserts all wrapper rules
> > into /etc/hosts.allow.
> >
> > Also the formatting is ALL: XXX.XXX.XXX.XXX: deny.
> >
> > I am wondering just what part of the code will I have to hack up to
> > insert this. And if this has been noticed or considered already ??
>
> I don't use the active-response features, so take this with a grain of
> salt. My understanding is that when an active-response (AR) rule is
> triggered, the appropriate "action" is taken. That action is defined in
> your ossec.conf, and is usually deny-host.sh or something of your own
> design.
>
> That being said, you should be able to tailor the AR to whatever your
> system requires.
>
> > Previously I have taken to doing an include statement in /etc/hosts.allow
> > to a file like /etc/hosts.evil with the temporary block rules in there.
> >
> > Rules apply from top to bottom and the first rule "sticks" and later
> > rules do not apply. So I usually place this include statement before any
> > rules for sshd access lockdown for example.

--
Kindest Regards,
Francesca Smith
"No Problems Only Solutions"
Lady Linux Internet Services
Baltimore, Maryland 21217
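Added example, not part of the original message and not OSSEC's own code: a sketch of a site-local active-response script that writes block rules in the `ALL: XXX.XXX.XXX.XXX: deny` format quoted above into a separate file such as the `/etc/hosts.evil` mentioned in the thread, so a product update does not overwrite it. The argument order (`add|delete`, user, IP), the `RULES_FILE` variable and the function names are assumptions; how the file is referenced from `/etc/hosts.allow` is left to the local setup.

```shell
#!/bin/sh
# Added example. Assumed calling convention: $1 = add|delete, $2 = user (unused), $3 = IP.
# RULES_FILE is a hypothetical setting; default is the file name used in the thread.
RULES_FILE="${RULES_FILE:-/etc/hosts.evil}"

# Accept only a dotted-quad IPv4 address so nothing else reaches the rules file.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# block_ip FILE IP: prepend the rule, since the first matching rule wins.
block_ip() {
    valid_ipv4 "$2" || return 2
    rule="ALL: $2: deny"
    [ -f "$1" ] || : > "$1"
    grep -qxF "$rule" "$1" && return 0        # already present, leave file as is
    tmp=$(mktemp "$1.XXXXXX") || return 1
    { printf '%s\n' "$rule"; cat "$1"; } > "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$1"
}

# unblock_ip FILE IP: drop exactly that rule line when the block expires.
unblock_ip() {
    valid_ipv4 "$2" || return 2
    [ -f "$1" ] || return 0
    tmp=$(mktemp "$1.XXXXXX") || return 1
    # grep exits 1 when no lines remain; only a status above 1 is a real error
    grep -vxF "ALL: $2: deny" "$1" > "$tmp" || [ "$?" -eq 1 ] || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp" && mv "$tmp" "$1"
}

# Dispatch only when called with the three assumed arguments.
if [ "$#" -ge 3 ]; then
    case "$1" in
        add)    block_ip "$RULES_FILE" "$3" ;;
        delete) unblock_ip "$RULES_FILE" "$3" ;;
        *)      echo "usage: $0 add|delete USER IP" >&2; exit 1 ;;
    esac
fi
```

Rejecting anything that is not a plain IPv4 address matters here because the address comes from log data an attacker can influence, and an unchecked value could otherwise add an arbitrary rule line to the wrapper configuration.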
