[ossec-list] Repeated offenders - timeout of IP count

2018-03-23 Thread Ricardo Almeida
Hi, I would like to know for how long OSSEC "stores" the blocked IP so that it is considered a repeated_offender, i.e. once it has been unblocked (after the first block), until how much later it will count as a repeated_offender. For example, if IP X is blocked now, will it still count a

[ossec-list] Repeated offenders?

2016-05-18 Thread Xavier Mertens
Hi *, I'm trying to implement a new active-response rule for a specific event (1 rule ID). It must be implemented with the tag. Problem: I have multiple active-response rules matching this event and it seems that OSSEC picks up the wrong one (repeated offenders are not applied). Any idea to debug t

[ossec-list] Repeated Offenders not triggering

2013-03-12 Thread Martin G
I am running an agent/server configuration of OSSEC. I have added the repeated offenders configuration block to all of my agents and the server as follows: 120,180,240 When I restart OSSEC, I do see the messages indicating that it recognizes the settings: 2013/03/12 10:05:50

[ossec-list] Repeated-offenders still not working

2012-03-07 Thread Dimitri Yioulos
All, Back at the end of last year, I asked about using the repeated-offenders feature in OH. I added the following directives to ossec.conf on the host that I want this to work in: host-deny host-deny.sh srcip yes host-deny local 6 600 Despit

Re: [ossec-list] Repeated Offenders not triggering

2011-12-16 Thread Chris Warren
code patches, and/or help with any diagnostic testing. I'd love to see this feature work, but it is by no means a deal-breaker for me. - Original Message - From: "jake 22s" To: ossec-list@googlegroups.com Sent: Friday, December 16, 2011 6:09:51 PM Subject: Re: [ossec-list

Re: [ossec-list] Repeated Offenders not triggering

2011-12-16 Thread jake . 22s
f the developers know much about this? -Original Message- From: Chris Warren Sender: ossec-list@googlegroups.com Date: Fri, 16 Dec 2011 14:41:38 To: Reply-To: ossec-list@googlegroups.com Subject: Re: [ossec-list] Repeated Offenders not triggering Could be that it's only working

Re: [ossec-list] Repeated Offenders not triggering

2011-12-16 Thread Chris Warren
this, or has it working? - Original Message - From: "jake 22s" To: ossec-list@googlegroups.com Sent: Wednesday, December 14, 2011 6:56:47 AM Subject: Re: [ossec-list] Repeated Offenders not triggering Moving the repeated_offenders to its own block did not work for me. I don

Re: [ossec-list] Repeated Offenders not triggering

2011-12-14 Thread jake . 22s
al Message- From: Chris Warren Sender: ossec-list@googlegroups.com Date: Tue, 13 Dec 2011 15:55:40 To: Reply-To: ossec-list@googlegroups.com Subject: Re: [ossec-list] Repeated Offenders not triggering Sometimes I see the same host blocked every 600 seconds (the timeout value). I tried

Re: [ossec-list] Repeated Offenders not triggering

2011-12-13 Thread Chris Warren
ution. - Original Message - From: "dan (ddp)" To: ossec-list@googlegroups.com Sent: Tuesday, December 13, 2011 3:46:23 PM Subject: Re: [ossec-list] Repeated Offenders not triggering Based on http://dcid.me/2011/02/blocking-repeated-offenders-with-ossec/ I think the repeated_offend

Re: [ossec-list] Repeated Offenders not triggering

2011-12-13 Thread dan (ddp)
Based on http://dcid.me/2011/02/blocking-repeated-offenders-with-ossec/ I think the repeated_offenders list should be in its own block. Example: firewall-drop all 7 600 30,60,120,1440 Again, I'm not sure and I don't know how easy this will be for me to test. On Mon, Dec 12, 2011 at

Re: [ossec-list] Repeated Offenders not triggering

2011-12-13 Thread dan (ddp)
How much time passes between the blocks? (I don't know much about repeated_offenders, so just gathering ideas.) On Mon, Dec 12, 2011 at 10:08 PM, Chris Warren wrote: > Hi, > I'm trying out the option but it does not seem to be > triggering. > > Here is my active response config: >   >     >

Re: [ossec-list] Repeated Offenders not triggering

2011-12-13 Thread jake . 22s
+1 for this problem I am running the latest release of ossec on FreeBSD 8.2 Sent using BlackBerry® from Orange -Original Message- From: Chris Warren Sender: ossec-list@googlegroups.com Date: Mon, 12 Dec 2011 22:08:30 To: Reply-To: ossec-list@googlegroups.com Subject: [ossec-list

[ossec-list] Repeated Offenders not triggering

2011-12-12 Thread Chris Warren
Hi, I'm trying out the option but it does not seem to be triggering. Here is my active response config: firewall-drop all 7 600 30,60,120,1440 I also get this when restarting OSSEC: 2011/12/12 19:39:15 ossec-execd: INFO: Adding offenders timeout: 30 (for #1) 2