Hi Anthony,

If you're planning on using OSSEC anyway, could you just have OSSEC monitor IPTables for any DROPs?

Example from http://securityonion.blogspot.com/2010/02/defense-in-depth-using-ossec-and-other.html:

# Configure RHEL IPTables firewall to log any dropped packets to /var/log/messages to be monitored by OSSEC
iptables -I RH-Firewall-1-INPUT 11 -j LOG --log-prefix="DROP "

Thanks,
Doug

On Wed, Jul 11, 2012 at 6:32 PM, anthony kasza <[email protected]> wrote:
> Hi All,
>
> On 10/16/11 12:18 PM, Chris Benedict wrote this list about a honeyport
> project. Does anyone know if the project took off? I'm attempting to
> integrate the command line scripts that John and Paul talked about at
> last year's DerbyCon (see slide 38) into OSSEC's active-response.
>
> -AK
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

--
Doug Burks
http://securityonion.blogspot.com
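
Added example, not part of the original thread or of OSSEC: a sketch of what a monitor reading /var/log/messages has to do with the lines the LOG rule above produces, namely pick out kernel entries carrying the "DROP " prefix and count sources that touched a watched port. The sample log lines, the port 2222 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed /var/log/messages sample (documentation-range addresses).
SAMPLE_LOG = """\
Jul 11 18:40:01 fw1 kernel: DROP IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=51514 DPT=2222 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 11 18:40:02 fw1 kernel: [ 1234.567890] DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 ID=4243 DF PROTO=TCP SPT=51515 DPT=2222 WINDOW=5840 SYN URGP=0
Jul 11 18:40:05 fw1 kernel: DROP IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=78 TTL=110 ID=977 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 11 18:40:09 fw1 sshd[2210]: Invalid user kernel: DROP SRC=198.51.100.99 DPT=2222 from 203.0.113.77
Jul 11 18:40:12 fw1 kernel: eth0: link up
"""

LOG_PREFIX = "DROP "  # must equal the --log-prefix value in the iptables rule
HONEYPORTS = {2222}   # hypothetical honeyport, chosen for this example

# Anchor on the syslog header and the "kernel:" tag so text that merely
# contains the prefix inside another program's message is not counted.
DROP_LINE = re.compile(
    r"^\w{3}\s+\d{1,2} \d\d:\d\d:\d\d \S+ kernel: (?:\[\s*\d+\.\d+\] )?"
    + re.escape(LOG_PREFIX) + r"(?P<fields>.*)$"
)
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_drop(line):
    """Return the KEY=value fields of one logged drop, or None."""
    m = DROP_LINE.match(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD.findall(m.group("fields")):
        fields.setdefault(key, value)  # keep the first LEN= (IP length)
    return fields


def honeyport_hits(lines, ports=HONEYPORTS):
    """Count dropped packets per (source, port) aimed at watched ports."""
    hits = Counter()
    for line in lines:
        f = parse_drop(line)
        if f and "SRC" in f and f.get("DPT", "").isdigit() and int(f["DPT"]) in ports:
            hits[(f["SRC"], int(f["DPT"]))] += 1
    return hits


if __name__ == "__main__":
    for (src, port), n in honeyport_hits(SAMPLE_LOG.splitlines()).items():
        print(f"{src} hit port {port} {n} time(s)")
```
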
