Create a cron to check the IP of the hostname. Restart the ossec processes when it changes.
On Tue, May 3, 2011 at 6:14 PM, Rainer <[email protected]> wrote:
> Hi,
> I ran across the following problem:
> We manage our servers from a small office with an Internet
> connection with a dynamic IP address. I don't want to run into
> problems with OSSEC blocking our office because of some issues
> with websites, CMS backend, forgotten passwords and other stuff.
> So I thought I'd just whitelist our office by the hostname
> of our router. I configured our router with dyndns and this
> works fine, we can resolve our office IP address by the dyndns hostname.
>
> BUT
> OSSEC seems not to update the whitelisted addresses, our office got
> blocked although whitelisted by hostname. Did OSSEC resolve the IP
> address just once at start time and when the dynamic IP address changes,
> OSSEC still has the old one in its whitelist (which is now useless)?
>
> Any solution for this?
> Or do we have to buy a static IP address for the office?
>
> Even a block for 1 minute is bad for the office, because people are
> working on websites on our servers. Losing work in progress makes
> the colleagues angry about me. :-)
> Of course I can log in via SSH via another server and then unblock
> the office.
>
> But I don't want to loosen security either.
>
> Greetings Rainer
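
The cron check suggested in the reply above, written out as an added example (not code from the thread or from the OSSEC project). The hostname, the state file path and the cron schedule are assumptions; it also assumes a default install under `/var/ossec` and glibc's `getent`.

```shell
#!/bin/sh
# Added example: re-resolve a whitelisted hostname from cron and restart
# OSSEC only when the address has changed since the last run.
HOST="${HOST:-office.example.invalid}"          # constructed placeholder hostname
STATE="${STATE:-/var/ossec/var/whitelist-ip}"   # hypothetical state file path

# First IPv4 address for a name (glibc getent); empty output on failure.
resolve_ip() {
    getent ahostsv4 "$1" | awk '{ print $1; exit }'
}

# Accept only a dotted quad, so an error string never reaches the state file.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

restart_ossec() {
    /var/ossec/bin/ossec-control restart >/dev/null
}

# Prints "unchanged", "changed" or "lookup-failed".
check_and_restart() {
    host=$1 state=$2
    new=$(resolve_ip "$host") || new=
    if ! is_ipv4 "$new"; then
        # Keep the last known address: a DNS outage must not cause restarts.
        echo "lookup-failed"; return 0
    fi
    old=
    [ -r "$state" ] && old=$(cat "$state")
    if [ "$new" = "$old" ]; then
        echo "unchanged"; return 0
    fi
    # Record the new address only after the restart succeeded, so a failed
    # restart is retried on the next cron run.
    restart_ossec || return 1
    printf '%s\n' "$new" > "$state"
    echo "changed"
}

# Example crontab entry (path is an assumption):
#   */5 * * * * /usr/local/sbin/ossec-whitelist-check run
if [ "${1:-}" = "run" ]; then
    check_and_restart "$HOST" "$STATE"
fi
```

Between the address change and the next cron run the old address is still the whitelisted one, so the interval bounds how long the office can remain blockable.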
