Hi there ...

 

I have set up OSSEC with active response using firewall-drop.sh, but I can't
see deny rules being added to my iptables firewall rules. Here is the OSSEC
log, which says it's adding the rules, but I can't see anywhere in my system
where the IP is being denied ... what am I missing?

 

/var/ossec/logs/active-responses.log

Fri May 11 01:46:32 SAST 2007 /var/ossec/active-response/bin/host-deny.sh delete - 70.43.201.230 1178840162.4923 3104

Fri May 11 01:46:32 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh delete - 70.43.201.230 1178840162.4923 3104

Fri May 11 02:22:24 SAST 2007 /var/ossec/active-response/bin/host-deny.sh add - 59.39.99.84 1178842944.6383 3104

Fri May 11 02:22:24 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh add - 59.39.99.84 1178842944.6383 3104

Fri May 11 02:31:12 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh add - 221.221.173.175 1178843472.7158 3104

Fri May 11 02:31:12 SAST 2007 /var/ossec/active-response/bin/host-deny.sh add - 221.221.173.175 1178843472.7158 3104

Fri May 11 02:32:42 SAST 2007 /var/ossec/active-response/bin/host-deny.sh delete - 59.39.99.84 1178842944.6383 3104

Fri May 11 02:32:42 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh delete - 59.39.99.84 1178842944.6383 3104

Fri May 11 02:41:42 SAST 2007 /var/ossec/active-response/bin/host-deny.sh delete - 221.221.173.175 1178843472.7158 3104

Fri May 11 02:41:42 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh delete - 221.221.173.175 1178843472.7158 3104

Fri May 11 03:55:44 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh add - 116.21.125.24 1178848544.10311 3104

Fri May 11 03:55:44 SAST 2007 /var/ossec/active-response/bin/host-deny.sh add - 116.21.125.24 1178848544.10311 3104

Fri May 11 04:06:14 SAST 2007 /var/ossec/active-response/bin/host-deny.sh delete - 116.21.125.24 1178848544.10311 3104

Fri May 11 04:06:14 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh delete - 116.21.125.24 1178848544.10311 3104

Fri May 11 04:14:36 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh add - 196.211.168.210 1178849676.11462 3104

Fri May 11 04:14:36 SAST 2007 /var/ossec/active-response/bin/host-deny.sh add - 196.211.168.210 1178849676.11462 3104

 

--Gareth
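
Added example, not part of the original post and not OSSEC's own code: the log above pairs each add with a delete about ten minutes later, so this sketch reconciles the two to list the blocks that should still be live and checks them against a saved ruleset. Assumptions: one log entry per line (as on disk, not e-mail-wrapped), the field positions seen above, a rules file holding saved `iptables -S` output in which a block appears as a `-s <ip> ... -j DROP` rule, and hypothetical function names with constructed sample addresses.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# write_sample_log FILE: constructed entries in the layout shown in the post
# (one entry per line, documentation-range addresses).
write_sample_log() {
    cat > "$1" <<'EOF'
Fri May 11 02:22:24 SAST 2007 /var/ossec/active-response/bin/host-deny.sh add - 192.0.2.10 1178842944.6383 3104
Fri May 11 02:22:24 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh add - 192.0.2.10 1178842944.6383 3104
Fri May 11 02:32:42 SAST 2007 /var/ossec/active-response/bin/host-deny.sh delete - 192.0.2.10 1178842944.6383 3104
Fri May 11 02:32:42 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh delete - 192.0.2.10 1178842944.6383 3104
Fri May 11 04:14:36 SAST 2007 /var/ossec/active-response/bin/firewall-drop.sh add - 198.51.100.7 1178849676.11462 3104
Fri May 11 04:14:36 SAST 2007 /var/ossec/active-response/bin/host-deny.sh add - 198.51.100.7 1178849676.11462 3104
EOF
}

# active_blocks FILE: print "script ip time" for each add with no later delete.
active_blocks() {
    awk '
        # Fields: 1-6 date, 7 script path, 8 action, 9 user, 10 ip, 11 alert id, 12 rule id
        NF >= 12 && ($8 == "add" || $8 == "delete") {
            n = split($7, path, "/")
            key = path[n] " " $10
            if ($8 == "add")
                since[key] = $4        # remember when the block was applied
            else
                delete since[key]      # timeout fired, block was removed
        }
        END { for (k in since) print k, since[k] }
    ' "$1" | sort
}

# missing_drops LOG RULES: firewall-drop.sh blocks that should still be live
# but have no DROP rule for that source in RULES (saved `iptables -S` output).
missing_drops() {
    active_blocks "$1" | awk '$1 == "firewall-drop.sh" { print $2 }' |
    while read -r ip; do
        awk -v ip="$ip" '
            /-j DROP/ && (index($0, "-s " ip "/32 ") || index($0, "-s " ip " ")) { found = 1 }
            END { exit !found }
        ' "$2" || echo "$ip"
    done
}
```

An address printed by `missing_drops` was logged as added and never deleted, yet has no matching DROP rule in the saved ruleset; an address that `active_blocks` does not list has already been removed by the timeout.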
