Hi SupuS,
On Mon, Feb 21, 2011 at 6:19 PM, SupuS wrote:
> Hi,
>
> I would like to block IP address of SSH attacker for 1 hour but I
> don't want block other events for that long time.
>
> In ossec mail I found rule ID:
>
> Rule: 5712 fired (level 10) -> "SSHD brute force trying to get access
> to
Hi,
I would like to block IP address of SSH attacker for 1 hour but I
don't want block other events for that long time.
In ossec mail I found rule ID:
Rule: 5712 fired (level 10) -> "SSHD brute force trying to get access
to the system."
so I put following code to /var/ossec/etc/ossec.conf:
On Fri, Jul 23, 2010 at 13:00, reg wrote:
[trim]
> Here is my command and active response configuration. Even though I do
> not need any data from the rule itself, the
> tags were required for OSSEC to start, but that's another
> issue(I think).
>
>
> mailtest
> mailtest.sh
> srcip
>
--On July 23, 2010 11:00:21 AM -0700 reg wrote:
I am trying to write a custom active response based upon the
instructions here.
http://www.ossec.net/wiki/Know_How:CustomActiveResponses
To test, I copied this text exactly and ran it on the server no
problem. However, I would
like to have thi
I am trying to write a custom active response based upon the
instructions here.
http://www.ossec.net/wiki/Know_How:CustomActiveResponses
To test, I copied this text exactly and ran it on the server no
problem. However, I would
like to have this script ran on a remote host. To test, I copied the
s