On Thu, Jun 15, 2017 at 6:39 AM, Rahul Tiwari <rtiwari0...@gmail.com> wrote: > Can you please provide the rule i am also having the same issue i need to > block the user after failed attempts. > Please help >
What is stopping you from creating a rule? Do you have log samples to help us help you? > On Thursday, April 29, 2010 at 3:41:48 AM UTC+5:30, JL wrote: >> >> Hi all, >> >> Forgive me if this has been covered somewhere, but I haven't come >> across it. >> >> >> Is there a way to have OSSEC Active Response block a particular user >> from logging in? I don't care about thresholds or # of attempts. If I >> see, 'root' for instance, attempting to logon to a server at all, can >> OSSEC match on that and drop that username and source IP immediately? >> >> >> Additionally, one question on timeouts. Is the <timeout> flag in >> seconds or in minutes? If so, I tried setting "<timeout>1</timeout>" >> but it took 54 seconds to delete from the firewall-drop.sh script. If >> it is in fact in minutes, how would I set it up to unblock in seconds? >> Otherwise, if the flag should be seconds, is there a reason why it >> would take 54 seconds to respond when I set the timeout to 1 second. I >> know this doesn't make much sense (in terms of setting to 1 second) >> but I tested with 5 and even 30 seconds and it still took a minute to >> unblock. >> >> Thanks in advance! > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.