Thanks, Ahmet. Might you have any idea why my WinXP box keeps getting blocked when using the ssh and ftp tools, even though it's whitelisted?
Dimitri On Wednesday August 09 2006 9:12 am, Ahmet Ozturk wrote: > Hi Dimitri, > > OSSEC-HIDS configuration only accepts CIDRs /8 /16 /24 /32. > > Please see Rafael Capovilla's solution. > (http://www.ossec.net/ossec-list/2006-August/msg00063.html) > > I think Meir Michanie will correct this issue soon. > > Since you have only two agent boxes, you may define them > seperately in config file like: > <white_list>192.168.100.xx/32</white_list> > <white_list>192.168.100.yyy/32</white_list> > > Regards, > > Ahmet Ozturk. > > Dimitri Yioulos wrote: > > Hello list members. > > > > In order to use various tools on my OSSEC-HIDS server and agent > > boxes, I've whitelisted my two desktop boxes - WinXP and > > SimplyMepis Linux. > > > >>From the Linux desktop, using cli ssh and sftp tools, I have no > > > > trouble getting into the OSSEC-HIDS server or agents. From the > > Windows desktop, however, I keep getting added to hosts.deny when > > using either Putty (ssh) or WinSCP3 (sftp). I then have to > > remove the entry fr the WinXP desktop from hosts.deny and restart > > the OSSEC-HIDS server (merely removing the entry from hosts.deny > > doesn't work). I have, as per instruction, added a separate > > entry in ossec.conf for each LAN address I want to whitelist. Is > > this a possible bug, or am I doing something wrong? > > > > I tried whitelisting my entire LAN by adding > > <white_list>192.168.100.0/22</white_list>, but that didn't seem > > to work. If this isn't something I'm doing wrong, might I > > suggest adding this ability in a future release? > > > > Regards, > > > > Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
