OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
A great new feature in 2.6 beta-1 is an added option to extend the active-response blocking for repeat offenders.
It allows you to specify a comma-separated list of timeouts per re-incidence (in minutes). So the first time an IP is blocked, it would use the default timeframe (600 seconds). If it gets blocked again, it would use the first entry in the
Note: Yeah, I know it’s beta. But, this new feature is a great one. I’m testing it on a couple servers and so far, no issues.
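How the setting described above might look in `ossec.conf` on a local or server install, as an added illustration that is not taken from the original post. The `30,60,120` list is a constructed sample, `host-deny` is one of OSSEC's stock active-response commands, and the 600-second timeout is the default mentioned above.

```xml
<!-- ossec.conf fragment (illustrative; the 30,60,120 values are a constructed sample) -->
<ossec_config>
  <!-- Stock command definition: host-deny.sh adds the source IP to /etc/hosts.deny -->
  <command>
    <name>host-deny</name>
    <executable>host-deny.sh</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <active-response>
    <command>host-deny</command>
    <location>local</location>
    <level>6</level>

    <!-- First block for a given IP: default timeout, in SECONDS -->
    <timeout>600</timeout>

    <!-- Repeat blocks for the same IP: escalating timeouts, in MINUTES.
         2nd block: 30 min, 3rd block: 60 min, 4th block: 120 min -->
    <repeated_offenders>30,60,120</repeated_offenders>
  </active-response>
</ossec_config>
```

Note the unit mismatch between the two options: `timeout` is in seconds, while the `repeated_offenders` entries are in minutes. On agent installs, the `repeated_offenders` line belongs in the agent's own `ossec.conf`.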