Hi B/K,

Thank you for the response, I really appreciate it. May I have a link to the resources, since I am new to this great tool and I want to know more and understand it as well.

Thank you,
Sandeil

On Thu, Jan 20, 2011 at 12:17 AM, B/K Walker <[email protected]> wrote:
> On Wed, 19 Jan 2011 11:22:48 +0800 seekuel <[email protected]> wrote:
> > Hi,
> >
> > May I ask if there is a level we can configure ossec? say:
> >
> > level1 - moderate
> > level2 - Strict
> > level3 - paranoid
> >
> > Since we experience a scenario that the server is used as hosting and
> > domains that are already expired will still appear in search engines.
> > When this happens and a client clicks the link of the expired
> > domain, his IP address is blocked since the page does not exist.
> >
> > Is there a way that we can use specific module in ossec to be active
> > on our server?
>
> I'd handle this by changing the rule level. First ID any rules that are
> getting hits on the errors, then add local rules to override the level:
>
> Say the rules getting triggered are 5505 and 55223
>
> <rule id="100002" level="0">
>   <if_sid>5505,55223</if_sid>
>   <description>block active-response for the above errors</description>
> </rule>
>
> The level you set would depend on how you have active response setup, mine
> hits on 6 or higher so setting the level to 5 would do it.
>
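
Added example, not part of the original thread: one way to do the "first ID any rules that are getting hits" step from the quoted reply is to tally which rule IDs in the alert log reach the active-response level and which source IPs they affect. It assumes the standard alerts.log text layout; the sample alerts, the level 3 rule 100050, the descriptions, host name and IP addresses are constructed, and the function name is hypothetical.

```python
import re

RULE_RE = re.compile(r"^Rule: (\d+) \(level (\d+)\) -> '(.*)'$", re.M)
SRCIP_RE = re.compile(r"^Src IP: (\S+)$", re.M)

# Constructed sample alerts (rule IDs 5505 and 55223 are the ones named in the thread).
SAMPLE_ALERTS = """\
** Alert 1295407368.1001: - web,accesslog,
2011 Jan 19 11:22:48 web01->/var/log/apache2/access.log
Rule: 5505 (level 6) -> 'Constructed description: page not found.'
Src IP: 203.0.113.10

** Alert 1295407371.1402: - web,accesslog,
2011 Jan 19 11:22:51 web01->/var/log/apache2/access.log
Rule: 5505 (level 6) -> 'Constructed description: page not found.'
Src IP: 198.51.100.7

** Alert 1295407380.1803: - web,accesslog,
2011 Jan 19 11:23:00 web01->/var/log/apache2/access.log
Rule: 55223 (level 10) -> 'Constructed description: repeated errors.'
Src IP: 203.0.113.10

** Alert 1295407390.2204: - syslog,
2011 Jan 19 11:23:10 web01->/var/log/messages
Rule: 100050 (level 3) -> 'Constructed description: informational.'
Src IP: 192.0.2.5
"""

def rules_reaching_active_response(alert_text, ar_level=6):
    """Return [(rule_id, level, hits, [src_ips])] for rules at or above ar_level."""
    stats = {}
    for block in re.split(r"\n\s*\n", alert_text.strip()):
        rule = RULE_RE.search(block)
        if not rule:
            continue  # not an alert record
        rule_id, level = rule.group(1), int(rule.group(2))
        if level < ar_level:
            continue  # below the active-response threshold, nothing gets blocked
        entry = stats.setdefault(rule_id, {"level": level, "hits": 0, "ips": set()})
        entry["hits"] += 1
        src = SRCIP_RE.search(block)
        if src:
            entry["ips"].add(src.group(1))
    rows = [(rid, e["level"], e["hits"], sorted(e["ips"])) for rid, e in stats.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))  # most hits first

if __name__ == "__main__":
    for rid, level, hits, ips in rules_reaching_active_response(SAMPLE_ALERTS):
        print(f"rule {rid} (level {level}): {hits} hit(s) from {', '.join(ips)}")
```

The rule IDs it reports are the candidates for the `<if_sid>` list in a local override rule; `ar_level` should match the level your own active response is configured to act on.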
