Does OSSEC work on top of iptables? If so, I'll just use iptables to block 
the ranges.

On Friday, May 23, 2014 2:08:37 PM UTC-4, Michael Starks wrote:
>
> On 05/23/2014 12:28 PM, PAL 18 wrote: 
> > Can you share the script you've made? 
>
> Ideally, OSSEC would have a fancy update daemon that was responsible for 
> this and rules/decoders, but it's only been talked about so far. 
>
> I have a script which downloads from several sources and compiles into 
> CDB lists. I haven't shared it because I don't want to put it into 
> contrib and then have someone's personal site hammered with lots of 
> OSSEC users. But I can send it to you privately if you like. 
>
> Btw, I am not entirely convinced that it works to update a CDB list 
> without restarting OSSEC. It's supposed to, but I saw some strange 
> things I have yet to look into. 
>
> At any rate, I maintain a doc of lists I have found here: 
>
> https://docs.google.com/document/d/1sAI8-_kAP02IpLCYeRnoI4ZV6a3VnWeItR2SdbUb_Ps/edit?usp=sharing
>  
>
> It hasn't been updated in a while, so comment in the doc if I should add 
> something. 
>
> One final note: Use this info in rules wisely. Just because someone 
> connects to you from, say, a Tor IP, it might not be an indicator of 
> concern. You really need to look at this stuff in context. 
>
>

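
Added example, not part of the thread and not Michael Starks's script: one way to turn downloaded IP/CIDR feeds into the `key:value` text that OSSEC compiles into a CDB list. It assumes the dotted-prefix key form used with `address_match_key` lookups and IPv4-only feeds; the feed labels and sample addresses are constructed.

```python
import ipaddress

def cidr_to_cdb_keys(entry):
    """Expand one IPv4 address or CIDR block into dotted-prefix CDB keys."""
    net = ipaddress.ip_network(entry.strip(), strict=False)
    if net.version != 4 or net.prefixlen == 0:
        raise ValueError(f"unsupported entry: {entry!r}")
    # Prefix keys can only end on an octet boundary, so split the block
    # at the next boundary and emit one key per resulting subnet.
    octets = -(-net.prefixlen // 8)  # ceil(prefixlen / 8)
    keys = []
    for sub in net.subnets(new_prefix=octets * 8):
        parts = str(sub.network_address).split(".")[:octets]
        keys.append(".".join(parts) + ("." if octets < 4 else ""))
    return keys

def build_cdb_source(feeds):
    """Merge {label: lines} feeds into sorted, unique 'key:label' lines.

    Returns (lines, rejected). The first feed to list a key keeps it,
    because every key in a list file has to be unique.
    """
    seen, rejected = {}, []
    for label, lines in feeds.items():
        for raw in lines:
            entry = raw.split("#", 1)[0].strip()  # drop comments
            if not entry:
                continue
            try:
                for key in cidr_to_cdb_keys(entry):
                    seen.setdefault(key, label)
            except ValueError:
                rejected.append(raw)  # malformed, IPv6 or 0.0.0.0/0
    return [f"{k}:{v}" for k, v in sorted(seen.items())], rejected

# Constructed sample feeds using documentation address ranges.
SAMPLE_FEEDS = {
    "tor_exit": ["# constructed feed", "198.51.100.7", "203.0.113.0/24"],
    "scanner": ["192.0.2.0/23", "198.51.100.7", "0.0.0.0/0", "bogus"],
}

if __name__ == "__main__":
    lines, rejected = build_cdb_source(SAMPLE_FEEDS)
    print("\n".join(lines))
    print("rejected:", rejected)
```

Keeping the feed name as the value lets a rule distinguish sources, which fits the advice above to read a match in context rather than treat every listed address the same way.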