How to configure OSSEC for CSF

A quick how-to for configuring your OSSEC installation to work with the CSF iptables firewall front end.

Step 1: Open OSSEC config for editing

    nano -w /var/ossec/etc/ossec.conf

Step 1.1: Locate “Files/directories to ignore” and add these new lines

    <ignore>/etc/prelink.cache</ignore>
    <ignore>/etc/csf/csf.temppids</ignore>
    <ignore>/etc/csf/csf.tempban</ignore>
    <ignore>/etc/csf/csf.tempint</ignore>
    <ignore>/etc/csf/stats/iptables_log</ignore>
    <ignore>/etc/csf/csf.dshield</ignore>
    <ignore>/etc/csf/csf.tempip</ignore>
    <ignore>/etc/csf/csf.deny</ignore>
    <ignore>/etc/csf/csf.tempfiles</ignore>
    <ignore>/etc/csf/csf.spamhaus</ignore>

This one is optional. It might be better to leave csf.allow monitored, so OSSEC alerts if someone sneaks their IP into the allow list.

    <ignore>/etc/csf/csf.allow</ignore>

Step 2: Restart OSSEC when you're done editing

    /var/ossec/bin/ossec-control restart
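
To check the edits from Step 1.1 before restarting, this added example (not part of the original how-to) reports which of the listed CSF files still lack an `<ignore>` entry and whether `csf.allow` is still monitored. The function names and the embedded sample config are constructed for illustration; pass the path of a real ossec.conf as the first argument to audit it.

```shell
#!/bin/sh
# Added example (not from the original how-to): audit syscheck ignores for CSF.

# Volatile CSF files from Step 1.1 of the how-to.
CSF_VOLATILE="/etc/csf/csf.temppids /etc/csf/csf.tempban /etc/csf/csf.tempint
/etc/csf/stats/iptables_log /etc/csf/csf.dshield /etc/csf/csf.tempip
/etc/csf/csf.deny /etc/csf/csf.tempfiles /etc/csf/csf.spamhaus"

# is_ignored CONF PATH: true if CONF contains exactly <ignore>PATH</ignore>.
# Plain fixed-string match: entries with attributes or inner whitespace are not seen.
is_ignored() { grep -Fq "<ignore>$2</ignore>" "$1"; }

# missing_ignores CONF: print every volatile CSF path that is not ignored yet.
missing_ignores() {
    for p in $CSF_VOLATILE; do
        is_ignored "$1" "$p" || echo "$p"
    done
}

# allow_list_monitored CONF: true while csf.allow has NOT been ignored,
# so syscheck still reports edits to the allow list.
allow_list_monitored() { ! is_ignored "$1" /etc/csf/csf.allow; }

# audit CONF: short report for a human.
audit() {
    missing=$(missing_ignores "$1")
    if [ -z "$missing" ]; then echo "volatile CSF files: all ignored"
    else printf 'volatile CSF files still monitored (noisy):\n%s\n' "$missing"; fi
    if allow_list_monitored "$1"; then echo "csf.allow: monitored, edits will alert"
    else echo "csf.allow: ignored, edits will NOT alert"; fi
}

# write_sample FILE: constructed, partially edited config used for the demo.
write_sample() {
    cat > "$1" <<'EOF'
<ossec_config>
  <syscheck>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <ignore>/etc/prelink.cache</ignore>
    <ignore>/etc/csf/csf.temppids</ignore>
    <ignore>/etc/csf/csf.tempban</ignore>
    <ignore>/etc/csf/csf.tempint</ignore>
    <ignore>/etc/csf/csf.allow</ignore>
  </syscheck>
</ossec_config>
EOF
}

# Audit the file given as $1, or the constructed sample when none is given.
if [ -r "${1:-}" ]; then audit "$1"
else demo=$(mktemp); write_sample "$demo"; audit "$demo"; rm -f "$demo"; fi
```
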
  • KING SABRI

    Really Useful

    thanks and your blog is awesome

  • http://ganool.blogspot.com ganool

    no help here..
    but thx

  • Rscalover

    my smtp server does not work…

    2010/12/08 08:24:37 ossec-maild(1223): ERROR: Error Sending email to xxx.xxx.xxx.xx (smtp server)

    that server is the correct one, I’m scratching my head… a bug??

  • http://www.facebook.com/laurelai.bailey Laurelai Bailey

    nevermind meant to post elsewhere

  • http://twitter.com/MisterLulzSec Lulzius Secundandis

    Greets from @MisterLulzSec