Hi Ryan,
I am not too good in tuning up my active response or rules.
Any tips on how to go about it?
On Tue, Nov 10, 2015 at 1:17 PM, Ryan Schulze <r...@dopefish.de> wrote:
> Sounds like you may want to look into fine tuning your active response
> and/or rules.
>
> On 11/9/2015 10:11 PM, frwa onto wrote:
>
> Hi Santiago,
> I am just running as standalone so its not a manager or
> agent. I have another machine for instance I am using the older ossec 2.7.1
> in that one I have tried say I got my phpymadmin and when I start browsing
> huge data ossec will block me an only after some time I can login here is
> the active response log as below.
>
> Tue Nov 10 11:48:12 MYT 2015
> /var/ossec/active-response/bin/firewall-drop.sh add - 10.212.134.200
> 1447127292.12356 31106
> Tue Nov 10 11:48:12 MYT 2015 /var/ossec/active-response/bin/host-deny.sh
> add - 10.212.134.200 1447127292.12356 31106
> Tue Nov 10 11:58:42 MYT 2015 /var/ossec/active-response/bin/host-deny.sh
> delete - 10.212.134.200 1447127292.12356 31106
> Tue Nov 10 11:58:42 MYT 2015
> /var/ossec/active-response/bin/firewall-drop.sh delete - 10.212.134.200
> 1447127292.12356 31106
>
> I dont know what trigger is exactly but I know due to my browsing of huge
> data and also how to overcome this issue? In my older version I saw this
> error too
> ossec-execd: INFO: Active response command not present:
> '/var/ossec/active-response/bin/restart-ossec.cmd'. Not using it on this
> system.
>
> This is my worry on the new machine using 2.8.1 the app might get block
> from accessing the data.
>
> On Tuesday, November 10, 2015 at 9:18:45 AM UTC+8, Santiago Bassett wrote:
>>
>> Are you running an agent or the manager? I don't think OSSEC would block
>> access to your mysql db.
>>
>> On Mon, Nov 9, 2015 at 8:19 AM, frwa onto <frwa...@gmail.com> wrote:
>>
>>> Hi,
>>> I have centos server. I have managed to install ossec 2.8.1. It
>>> mainly runs a socket programming app. For every instance of a connection it
>>> will receive data and insert into mysql db. What I worried in what scenario
>>> will it block the access to this local mysql db as I can see there some
>>> rules for mysql? Sorry very new to these.
>>> --
>>>
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "ossec-list" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ossec-list+...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
>
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "ossec-list" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/ossec-list/rdsEIi60ciM/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
