On May 26, 2014 6:14 PM, "PAL 18" <[email protected]> wrote:
>
> No, everything configuration-wise is still vanilla (aside from what the installer asked me). How would I do that?
>
Add a localfile entry in the system's ossec.conf to monitor the logfile the iptables logs are saved to. Use ossec-logtest to write a decoder, if necessary, and rules to get the desired behaviour.

> On Monday, May 26, 2014 4:49:27 PM UTC-4, dan (ddpbsd) wrote:
>>
>> On May 26, 2014 3:25 PM, "PAL 18" <[email protected]> wrote:
>> >
>> > Port scan blocking doesn't appear to be working. I scanned with nmap (on a different computer) and with a web-based tool and OSSEC didn't send me any email alerts about the scans (I get alerts for other things).
>> >
>> > All active response rules are set to defaults.
>> >
>> > I thought maybe it was because blocked ports aren't being logged, so I added the following rules and it still isn't alerting me.
>> >
>> > /sbin/iptables -A INPUT -j LOG
>> > /sbin/iptables -A FORWARD -j LOG
>> > /sbin/ip6tables -A INPUT -j LOG
>> > /sbin/ip6tables -A FORWARD -j LOG
>> >
>> > Any idea how I can get it working?
>> >
>>
>> Are the iptables logs being monitored? Did you create a rule to alert on scans?
>>
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google Groups "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>> > For more options, visit https://groups.google.com/d/optout.
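Putting the reply above into concrete form, as an added example that is not part of the original thread and not OSSEC's own shipped configuration: the two fragments below assume the iptables LOG target was given a prefix, for example `/sbin/iptables -A INPUT -j LOG --log-prefix "OSSEC-DROP: "` appended after the ACCEPT rules so that only packets about to be dropped are logged; that the kernel's netfilter lines land in /var/log/kern.log (Debian/Ubuntu; /var/log/messages on RHEL/CentOS); and that rule IDs 100100 and 100101 are free in the local range. The localfile, log_format, if_sid, if_matched_sid, frequency, timeframe and same_source_ip elements are standard OSSEC syntax, and 4100 is OSSEC's stock "firewall" category rule that lines recognised by the built-in iptables decoder fall under; the prefix string, log path, IDs and thresholds are assumptions to adjust for the host.

```xml
<!-- /var/ossec/etc/ossec.conf (fragment to add inside the existing config) -->
<ossec_config>
  <!-- Read the file where syslog writes kernel messages; this is what the
       iptables LOG target produces. Path is an assumption (see above). -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/kern.log</location>
  </localfile>
</ossec_config>

<!-- /var/ossec/etc/rules/local_rules.xml -->
<group name="local,firewall,">
  <!-- One alert per logged line carrying the assumed "OSSEC-DROP: " prefix.
       if_sid 4100 restricts this to lines the iptables decoder handled, so
       srcip/dstip/dstport are already decoded for the rule below. -->
  <rule id="100100" level="4">
    <if_sid>4100</if_sid>
    <match>OSSEC-DROP: </match>
    <description>iptables dropped a packet (OSSEC-DROP prefix).</description>
  </rule>

  <!-- Port-scan heuristic: ten such drops from the same source IP inside
       120 seconds. Level 10 is above the default email_alert_level (7) and
       the default host-deny/firewall-drop active-response level (6), so the
       scanner gets both an email and a block. Thresholds are assumptions. -->
  <rule id="100101" level="10" frequency="10" timeframe="120">
    <if_matched_sid>100100</if_matched_sid>
    <same_source_ip />
    <description>Possible port scan: repeated iptables drops from one source.</description>
    <group>multiple_drops,</group>
  </rule>
</group>
```

Check the chain before restarting: run `/var/ossec/bin/ossec-logtest` and paste one logged line, such as this constructed sample: `May 26 18:10:01 host kernel: OSSEC-DROP: IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0`. It should report the iptables decoder with srcip 203.0.113.5 and then rule 100100; if no decoder is shown, the stock iptables decoder did not recognise the line format and a small custom decoder is needed, exactly as the reply says. ossec-logtest evaluates a single line, so it confirms 100100 but cannot exercise the frequency counter of 100101; that is verified by restarting OSSEC (`/var/ossec/bin/ossec-control restart`) and repeating the nmap scan from the other machine.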
