[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ossec-list
Subject:    Re: [ossec-list] how to remove the iptables deny rules from ossec
From:       Joe Gedeon <joe.gedeon () gmail ! com>
Date:       2012-07-27 11:31:38
Message-ID: CAM1A6KydD8V3=A0P_BH5e3jopt=zgsZXCE=LWrYqExLYbo5z3g () mail ! gmail ! com
[Download RAW message or body]

If you are using centralized configs anything for remote management,
It would be better to increase the level that the deny rules trigger
to something that you won't hit, like a level of 20.  If you didable
active response you can no longer remotely restart the ossec agent
from the ossec server when it needs to reload a new OSSEC shared
agent.conf file.

On Thu, Jul 26, 2012 at 6:58 AM, bw <bw.mail.lists@gmail.com> wrote:
> On 07/26/2012 10:13, shinu ak wrote:
>>
>>
>> I would like to remove the deny rules which is called by ossesc, I have
>> started ossec just for monitoring, want to remove such deny rules from
>> ossec config file.
>>
>>
>
> You want to disable active response.
>
> Add this to /var/ossec/ossec.conf:
>
> <active-response>
>         <disabled>yes</disabled>
> </active-response>



-- 
Registered Linux User # 379282
[prev in list] [next in list] [prev in thread] [next in thread]