On May 26, 2014 3:25 PM, "PAL 18" <[email protected]> wrote: > > Port scan blocking doesn't appear to be working. I scanned with nmap (on a different computer) and with a web based tool and OSSec didn't send me any email alerts about the scans (i get alerts for other things). > > All active response rules are set to defaults. > > I thought maybe it was because blocked ports aren't being logged so i added the following rules and it still isn't alerting me. > > /sbin/iptables -A INPUT -j LOG > /sbin/iptables -A FORWARD -j LOG > /sbin/ip6tables -A INPUT -j LOG > /sbin/ip6tables -A FORWARD -j LOG > > Any idea how i can get it working? >
Are the iptables logs being monitored? Did you create a rule to alert on scans? > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
