Howto configure OSSEC for CSF

2009/09/16, 10:25

A quick howto configure your OSSEC installation for CSF Iptables firewall frontend

Step 1: Open OSSEC config for editing

nano -w /var/ossec/etc/ossec.conf

Step 1.1: Locate “Files/directories to ignore”, And add new lines

    <ignore>/etc/prelink.cache</ignore>
    <ignore>/etc/csf/csf.temppids</ignore>
    <ignore>/etc/csf/csf.tempban</ignore>
    <ignore>/etc/csf/csf.tempint</ignore>
    <ignore>/etc/csf/stats/iptables_log</ignore>
    <ignore>/etc/csf/csf.dshield</ignore>
    <ignore>/etc/csf/csf.tempip</ignore>
    <ignore>/etc/csf/csf.deny</ignore>
    <ignore>/etc/csf/csf.tempfiles</ignore>
    <ignore>/etc/csf/csf.spamhaus</ignore>

This one is optional, might be nice if someone is sneaking their ip in.

    <ignore>/etc/csf/csf.allow</ignore>

Step 2: Restart OSSEC when your done editing

/var/ossec/bin/ossec-control restart

Share and Enjoy:

Category: Centos, OSSEC | Comment (RSS) | Trackback

2 Comments

KING SABRI says:

2009/10/28 at 00:29

Really Useful

thanks and you blog is awesome
ganool says:

2010/01/11 at 03:55

no help here..
but thx

SecureCentos.com

Howto configure OSSEC for CSF

2 Comments

Leave a Reply

Tag cloud