No, everything configuration wise is still vanilla (aside from what the installer asked me). How would i do that?
On Monday, May 26, 2014 4:49:27 PM UTC-4, dan (ddpbsd) wrote: > > > On May 26, 2014 3:25 PM, "PAL 18" <[email protected] <javascript:>> > wrote: > > > > Port scan blocking doesn't appear to be working. I scanned with nmap > (on a different computer) and with a web based tool and OSSec didn't send > me any email alerts about the scans (i get alerts for other things). > > > > All active response rules are set to defaults. > > > > I thought maybe it was because blocked ports aren't being logged so i > added the following rules and it still isn't alerting me. > > > > /sbin/iptables -A INPUT -j LOG > > /sbin/iptables -A FORWARD -j LOG > > /sbin/ip6tables -A INPUT -j LOG > > /sbin/ip6tables -A FORWARD -j LOG > > > > Any idea how i can get it working? > > > > Are the iptables logs being monitored? Did you create a rule to alert on > scans? > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
