Did anyone find a solution to this problem? I've compiled the CDB and created the rules but cannot seem to get the lookup to work.

On Friday, March 18, 2016 at 3:42:50 PM UTC-4, theresa mic-snare wrote:
>
> ehlo *,
>
> I have an important question about CDB lists, as I'm just researching for
> my thesis on OSSEC.
> yes, i've read the documentation on readthedocs, maybe i'm too daft to
> understand it.
>
> what I have done so far:
>
> I've created a file called "baddomains" in /var/ossec/lists/
> content is from zeustracker
> (https://zeustracker.abuse.ch/blocklist.php?download=baddomains)
>
> I've added the list in the <rules></rules> section
> <list>lists/baddomains</list>
>
> i've run
> # bin/ossec-makelists
>
>
> i'm not quite sure what the purpose of the CDB lists is.... should a rule
> fire as soon as one of those domains (content of baddomains) is attacking
> me?!
> I don't think i've yet understood the positive/negative key match of it
>
> can someone please explain it to me with a real-life example?
>
> also what does CDB stand for? I haven't found that in the OSSEC Docs
> either....
> common database? central database?!
>
> thanks,
> theresa
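
An added example, not part of either post and not OSSEC project code: OSSEC's documentation describes list source files as `key:value` lines with unique keys, while a downloaded domain blocklist is assumed here to carry one domain per line plus `#` comments. Under that assumption, this shell function converts such a blocklist before `bin/ossec-makelists` is run; `to_cdb_source`, the `zeus` tag and the sample domains are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn a one-domain-per-line blocklist into "key:value"
# source lines for a CDB list. Assumes the list format described in the
# OSSEC documentation (one "key:value" per line, keys unique).

# Usage: to_cdb_source TAG < blocklist > list_source
#   TAG is the value stored with every key (hypothetical label).
to_cdb_source() {
    tag="${1:-blocked}"
    tr -d '\r' |                      # tolerate CRLF downloads
    awk -v tag="$tag" '
        NF == 0 || $1 ~ /^#/ { next } # skip blank lines and comments
        {
            key = tolower($1)         # normalise case so duplicates collapse
            if (index(key, ":"))      # a colon would split key from value
                next
            if (!(key in seen)) {     # emit each key only once
                seen[key] = 1
                print key ":" tag
            }
        }'
}

# Constructed sample input using reserved example domains only.
sample_blocklist() {
    cat <<'EOF'
# constructed sample, not real indicators
bad.example.com

Bad.Example.com
evil.example.net
EOF
}

# Stand-alone run: show the converted sample.
sample_blocklist | to_cdb_source zeus
```

Write the output to the list file named in the `<list>` entry and rerun `bin/ossec-makelists` so the compiled file matches the source.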