Hi Dimitri,
OSSEC-HIDS configuration only accepts CIDRs /8 /16 /24 /32.
Please see Rafael Capovilla's solution.
(http://www.ossec.net/ossec-list/2006-August/msg00063.html)
I think Meir Michanie will correct this issue soon.
Since you have only two agent boxes, you may define them
separately in the config file like:
<white_list>192.168.100.xx/32</white_list>
<white_list>192.168.100.yyy/32</white_list>
Regards,
Ahmet Ozturk.
Dimitri Yioulos wrote:
Hello list members.
In order to use various tools on my OSSEC-HIDS server and agent boxes,
I've whitelisted my two desktop boxes - WinXP and SimplyMepis Linux.
From the Linux desktop, using cli ssh and sftp tools, I have no
trouble getting into the OSSEC-HIDS server or agents. From the
Windows desktop, however, I keep getting added to hosts.deny when
using either Putty (ssh) or WinSCP3 (sftp). I then have to remove
the entry for the WinXP desktop from hosts.deny and restart the
OSSEC-HIDS server (merely removing the entry from hosts.deny doesn't
work). I have, as per instruction, added a separate entry in
ossec.conf for each LAN address I want to whitelist. Is this a
possible bug, or am I doing something wrong?
I tried whitelisting my entire LAN by adding
<white_list>192.168.100.0/22</white_list>, but that didn't seem to
work. If this isn't something I'm doing wrong, might I suggest
adding this ability in a future release?
Regards,
Dimitri
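
Added example, not part of the original thread or of OSSEC itself: a small Python helper that splits a range such as the 192.168.100.0/22 mentioned above into blocks using only the prefix lengths the reply says ossec.conf accepts (/8, /16, /24, /32). It always splits into smaller blocks rather than rounding up, so the whitelist never covers more addresses than requested. The function names are hypothetical.

```python
import ipaddress

# Prefix lengths the reply in this thread says ossec.conf accepts
# (assumption taken from the thread, not checked against any OSSEC release).
ACCEPTED_PREFIXES = (8, 16, 24, 32)


def to_accepted_blocks(cidr):
    """Split an IPv4 CIDR into subnets whose prefix length is accepted.

    The range is never widened: a /22 becomes four /24s, not one /16,
    because a wider whitelist would exempt extra hosts from active response.
    """
    # strict=True (the default) rejects input with host bits set,
    # e.g. 192.168.100.5/22, instead of silently rounding it.
    net = ipaddress.ip_network(cidr)
    if net.version != 4:
        raise ValueError("only IPv4 ranges are handled here")
    # Smallest accepted prefix length that is at least as specific as the input.
    target = next(p for p in ACCEPTED_PREFIXES if p >= net.prefixlen)
    return [str(subnet) for subnet in net.subnets(new_prefix=target)]


def white_list_lines(cidr):
    """Render one <white_list> element per resulting block."""
    return [f"<white_list>{block}</white_list>" for block in to_accepted_blocks(cidr)]


if __name__ == "__main__":
    # The /22 from the original question.
    for line in white_list_lines("192.168.100.0/22"):
        print(line)
```
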