Hi,
yes, a cdb list is what you need.
1. Create the list: /var/ossec/lists/allow_users.txt
$ cat allow_users
jesuslinares:
maxim:
2. Add the file to ossec.conf:
lists/allow_users
3. Compile the list
$ /var/ossec/bin/ossec-makelists
4. Use in your rules:
lists/allow_users
Example:
On Mar 3, 2016 6:30 AM, "Maxim Surdu" wrote:
>
> is it a solution but can i create a list and a rule to read all my
list from the file, or something like this because now i have 300 clinets
but it can be more and it will not working more.
>
If that username isdecoded into a
is it a solution but can i create a list and a rule to read all my
list from the file, or something like this because now i have 300 clinets
but it can be more and it will not working more.
thanks for your responsiveness
joi, 3 martie 2016, 12:13:36 UTC+2, dan (ddpbsd) a scris:
>
>
> On Mar 3,
On Mar 3, 2016 4:18 AM, "Maxim Surdu" wrote:
>
> Hi dear community,
>
> i install and configure about 10 agents, and of course i have a lot of
users,a part of this users are ftp Clients
>
> in policy-rules.xml
>
> i have next rules
>
>
>
> authentication_success
>
Hi dear community,
i install and configure about 10 agents, and of course i have a lot of
users,a part of this users are ftp Clients
in policy-rules.xml
i have next rules
authentication_success
4 pm - 7 am
Successful login during non-business hours.
login_time,