Monthly Archives: February 2011

Blocking repeated offenders with OSSEC

By default OSSEC has a static timeout on our active response scripts. You specify the action and how long to block the IP Address: <active-response> <command>host-deny</command> <location>local</location> <level>6</level> <timeout>600</timeout> </active-response> Which works well for most of the time. However, if … Continue reading

Posted in ossec, v2.6 | 4 Comments