Hi,
I would like to know for how long OSSEC "stores" the blocked IP so that
it is considered as a repeated_offender, i.e. once it has been unblocked
(after the first block), until how much later it will count as a
repeated_offender. For example, if IP X is blocked now, will it still count
a
Hi *,
I'm trying to implement a new active-response rule for a specific event (1
rule ID).
It must be implemented with the tag.
Problem: I've multiple active-response rules matching this event and it
seems that OSSEC picks up the wrong one (repeated offenders are not
applied).
Any idea to debug t
I am running an agent/server configuration of OSSEC. I have added the
repeated offenders configuration block to all of my agents and the server
as follows:
120,180,240
When I restart OSSEC, I do see the messages indicating that it recognizes
the settings:
2013/03/12 10:05:50
All,
Back at the end of last year, I asked about using the repeated-offenders
feature
in OH. I added the following directives to ossec.conf on the host that I want
this to work in:
host-deny
host-deny.sh
srcip
yes
host-deny
local
6
600
Despit
code patches, and/or
help with any diagnostic testing.
I'd love to see this feature work, but it is by no means a deal-breaker for me.
- Original Message -
From: "jake 22s"
To: ossec-list@googlegroups.com
Sent: Friday, December 16, 2011 6:09:51 PM
Subject: Re: [ossec-list
f the developers know much about this?
-Original Message-
From: Chris Warren
Sender: ossec-list@googlegroups.com
Date: Fri, 16 Dec 2011 14:41:38
To:
Reply-To: ossec-list@googlegroups.com
Subject: Re: [ossec-list] Repeated Offenders not triggering
Could be that it's only working
this, or has it working?
- Original Message -
From: "jake 22s"
To: ossec-list@googlegroups.com
Sent: Wednesday, December 14, 2011 6:56:47 AM
Subject: Re: [ossec-list] Repeated Offenders not triggering
Moving the repeated_offenders to its own block did not work for me. I don
al Message-
From: Chris Warren
Sender: ossec-list@googlegroups.com
Date: Tue, 13 Dec 2011 15:55:40
To:
Reply-To: ossec-list@googlegroups.com
Subject: Re: [ossec-list] Repeated Offenders not triggering
Sometimes I see the same host blocked every 600 seconds (the timeout value).
I tried
ution.
- Original Message -
From: "dan (ddp)"
To: ossec-list@googlegroups.com
Sent: Tuesday, December 13, 2011 3:46:23 PM
Subject: Re: [ossec-list] Repeated Offenders not triggering
Based on http://dcid.me/2011/02/blocking-repeated-offenders-with-ossec/
I think the repeated_offend
Based on http://dcid.me/2011/02/blocking-repeated-offenders-with-ossec/
I think the repeated_offenders list should be in its own block.
Example:
firewall-drop
all
7
600
30,60,120,1440
Again, I'm not sure and I don't know how easy this will be for me to test.
On Mon, Dec 12, 2011 at
How much time passes between the blocks?
(I don't know much about repeated_offenders, so just gathering ideas.)
On Mon, Dec 12, 2011 at 10:08 PM, Chris Warren
wrote:
> Hi,
> I am trying out the option but it does not seem to be
> triggering.
>
> Here is my active response config:
>
>
>
+1 for this problem
I am running the latest release of ossec on FreeBSD 8.2
Sent using BlackBerry® from Orange
-Original Message-
From: Chris Warren
Sender: ossec-list@googlegroups.com
Date: Mon, 12 Dec 2011 22:08:30
To:
Reply-To: ossec-list@googlegroups.com
Subject: [ossec-list
Hi,
I am trying out the option but it does not seem to be
triggering.
Here is my active response config:
firewall-drop
all
7
600
30,60,120,1440
I also get this when restarting OSSEC:
2011/12/12 19:39:15 ossec-execd: INFO: Adding offenders timeout: 30 (for #1)
2