Hello colleagues, I want to make an active response with OSSEC on Windows systems. For example:
When OSSEC detects a USB drive, disable the AutoRun feature (http://antivirus.about.com/od/securitytips/ht/autorun.htm).

So far I have found only 6 active response tools (http://www.ossec.net/main/manual/manual-active-responses/):

• host-deny.sh - Adds an IP to the /etc/hosts.deny file (most Unix systems).
• firewall-drop.sh (iptables) - Adds an IP to the iptables deny list (Linux 2.4 and 2.6).
• firewall-drop.sh (ipfilter) - Adds an IP to the ipfilter deny list (FreeBSD, NetBSD and Solaris).
• firewall-drop.sh (ipfw) - Adds an IP to the ipfw deny table (FreeBSD).
• firewall-drop.sh (ipsec) - Adds an IP to the ipsec drop table (AIX).
• firewall-drop.sh (pf)

But these tools apply only to network settings. Please help me to make this tool (disable AutoRun on all Windows systems with OSSEC).

2. Second question: how to export client-keys from one OSSEC server to another? How to make a backup?

3. Third question: how to distribute many keys to a hundred Windows clients without doing it manually?
