So, if I understood this right, I'd need to modify https://github.com/ossec/ossec-hids/blob/master/active-response/firewall-drop.sh some where between like 139 and 218 to check if UFW is installed and use it to ban/unban, right?
On Sunday, November 30, 2014 at 5:30:31 PM UTC-5, dan (ddpbsd) wrote: > > > On Nov 30, 2014 5:09 PM, <[email protected] <javascript:>> wrote: > > > > Hya, > > > > I've seen docs that show how to configure OSSEC to work with IPTables, > the firewall application used in the firewall-drop.sh script. On Linux > distributions that use UFW as the default firewall application, what are > the steps that need to be taken for it to work with OSSEC in banning > attackers. > > > > Either write an active response script or modify firewall.sh to handle ufw > as well. If you decide to modify firewall.sh, we like getting pull requests. > > > TIA, > > > > > > -- > > finid > > > > -- > > > > --- You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
