Howto configure OSSEC for APF

A quick howto configure your OSSEC installation for APF Iptables firewall frontend




Step 1: Open OSSEC config for editing

nano -w /var/ossec/etc/ossec.conf

Step 1.1: Locate “Files/directories to ignore”, And add new lines

    <ignore>/etc/prelink.cache</ignore>
    <ignore>/etc/apf/internals/.last.full</ignore>
    <ignore>/etc/apf/internals/.apf.restore</ignore>

Step 2: Restart OSSEC when your done editing

/var/ossec/bin/ossec-control restart