I am far from an expert, but

1) It uses null routes, I believe.
3) It uses active response, but you probably need to turn it on.
4) Yes, that has to do with the rules definitions, or your own rules.


--
James Pulver
LEPP Computer Group
Cornell University

From: [email protected] [mailto:[email protected]] On Behalf Of Charles Bailey
Sent: Monday, February 11, 2013 12:50 PM
To: [email protected]
Subject: [ossec-list] Basic Windows Config questions

I wanted the 'Best' IDS for my Windows Apache server, and after a lot of 
looking around I chose OSSEC. Documentation was pretty sparse, and I'm a Linux 
newbie, but somehow I managed to install Ubuntu, OSSEC, and the Web interface, 
and I have the client running on my Windows server. I put in a number of log 
files in the config file to monitor, and it seems to be working. I've got a 
number of questions:

1) How does it block hack attempts? Windows Firewall? Some other mechanism?

2) This might be the expected result, but when I get a 404, OSSEC shows it as a 
400 error.

3) When someone tries to access a page repeatedly that's not on my server, 
OSSEC doesn't block them. Actually, I haven't seen ANY blocks. Do they show up 
in the log?

4) Does OSSEC go by a set of rules to detect hack attempts? How would I update 
them? How can I tell if they need updating?

5) I keep getting minor PHP config errors logged, almost every minute. How can 
I disable those from being logged?

6) What files should be monitored? I mainly have just the Apache log and error 
files monitored.


Thanks for any help you can offer!
--

---
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 
[email protected]<mailto:[email protected]>.
For more options, visit https://groups.google.com/groups/opt_out.
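
For answers 1 and 3 in the reply at the top of this thread, an added example (not written by either poster and not the project's shipped configuration) of turning on null-route active response for a Windows agent. It uses OSSEC's documented `win_nullroute` / `route-null.cmd` command; the rule ID, timeout and whitelisted address are assumptions to adjust for your own install.

```xml
<!-- Added example. Both fragments go inside the existing <ossec_config> element. -->

<!-- (1) Manager (the Ubuntu server), ossec.conf -->
<global>
  <!-- Constructed placeholder address: list your own admin/monitoring IPs
       here so active response never null-routes them. -->
  <white_list>192.0.2.10</white_list>
</global>

<command>
  <name>win_nullroute</name>
  <executable>route-null.cmd</executable>  <!-- script in the Windows agent's active-response\bin -->
  <expect>srcip</expect>                   <!-- only fires when the alert has a decoded source IP -->
  <timeout_allowed>yes</timeout_allowed>   <!-- allows the route to be removed after <timeout> -->
</command>

<active-response>
  <command>win_nullroute</command>
  <location>local</location>   <!-- run on the agent that produced the alert -->
  <!-- Assumption: 31151 is the stock web rule for repeated 4xx responses
       from one source IP; confirm the ID in your installed web_rules.xml. -->
  <rules_id>31151</rules_id>
  <timeout>600</timeout>       <!-- seconds until the null route is removed -->
</active-response>

<!-- (2) Windows agent, ossec.conf -->
<active-response>
  <disabled>no</disabled>      <!-- turns active response on for this agent -->
</active-response>
```

Restart the manager and the agent after editing. Responses that actually run are recorded in the agent's active-responses.log, which is where to look for blocks.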

