If you look in the logs directory on the clients, it will show you the
commands that are run to add and remove IPs.
On Friday, March 23, 2018 at 10:20:54 AM UTC-4, Ricardo Almeida wrote:
>
> Hi,
>
> I would like to know for how long OSSEC "stores" the blocked IP so
> that it is considered
By default, 10 minutes. But you can change it.
Add this to the ossec.conf on the client machines. The values are in
seconds and you can adjust them
600,3600,7200, 14400
On Friday, March 23, 2018 at 10:20:54 AM UTC-4, Ricardo Almeida wrote:
>
> Hi,
>
> I would like to know for how long
Hi Jesus,
It worked much better! Kicking out offenders more and more now :-)
My Google-fu was also better yesterday and I found this blog post:
https://mebsd.com/freebsd-security-hardening/solved-ossec-repeated-offenders-ignored.html
/x
On Thu, May 19, 2016 at 10:11 AM, Xavier Mertens
Thanks for the tips! I'll test again following your advice...
/x
On Thu, May 19, 2016 at 9:33 AM, Jesus Linares wrote:
> Hi,
>
> I guess that your command needs an IP, so if your rule *xxx* doesn't have
> the field *srcip* extracted (by the proper decoder) the active-response
Hi,
I guess that your command needs an IP, so if your rule *xxx* doesn't have
the field *srcip* extracted (by the proper decoder) the active-response
will not work.
Also, keep in mind that *repeated_offenders* must be in *ossec.conf* of
*every agent* (*shared/agent.conf* or
On 03/12/2012 10:49 AM, Dimitri Yioulos wrote:
Anyone have any ideas on this?
All,
Back at the end of last year, I asked about using the repeated-offenders feature
in OH. I added the following directives to ossec.conf on the host that I want
this to work in:
command
On Monday 12 March 2012 12:24:47 pm Steven Stern wrote:
On 03/12/2012 10:49 AM, Dimitri Yioulos wrote:
Anyone have any ideas on this?
All,
Back at the end of last year, I asked about using the repeated-offenders feature
in OH. I added the following directives to ossec.conf on the
On 03/12/2012 11:53 AM, Dimitri Yioulos wrote:
On Monday 12 March 2012 12:24:47 pm Steven Stern wrote:
On 03/12/2012 10:49 AM, Dimitri Yioulos wrote:
Anyone have any ideas on this?
All,
Back at the end of last year, I asked about using the repeated-offenders feature
in OH. I added the
be blocked per-agent.
I manage my config changes with puppet so it should be a quick fix :)
- Original Message -
From: c0by jake@gmail.com
To: ossec-list ossec-list@googlegroups.com
Sent: Saturday, December 17, 2011 7:46:25 AM
Subject: [ossec-list] Re: Repeated Offenders not triggering
I
Thanks for finding that. If I haven't already, I'll update the docs.
On Sat, Dec 17, 2011 at 7:46 AM, c0by jake@gmail.com wrote:
I did some more testing, and I am happy to say I believe this issue is
SOLVED!
The issue is that the repeated offenders configuration needs to be on
the
I did some more testing, and I am happy to say I believe this issue is
SOLVED!
The issue is that the repeated offenders configuration needs to be in
the *agents'* ossec.conf file, and *not* in the server's ossec.conf. I
believe you could have it on both so it is used for both the server
and agent.
my config changes with puppet so it should be a quick fix :)
- Original Message -
From: c0by jake@gmail.com
To: ossec-list ossec-list@googlegroups.com
Sent: Saturday, December 17, 2011 7:46:25 AM
Subject: [ossec-list] Re: Repeated Offenders not triggering
I did some more testing