Security and Technology Ramblings…

OSSEC 2.6 beta-1

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

A great new feature in 2.6 beta-1 is an added option to extend the active-response blocking for repeat offenders.

It lets you specify a comma-separated list of timeouts, in minutes, one per re-incidence. The first time an IP is blocked, the default timeout applies (600 seconds). If it gets blocked again, the first entry in the list is used (30 minutes = 1800 seconds), then 60 minutes, then 120 minutes… Anything beyond that uses the last entry in the list.
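The schedule described above, written out as an ossec.conf active-response block. This is an added example, not a configuration from the post: the element name `repeated_offenders` is taken from OSSEC's own documentation of this option, and the `firewall-drop` command, `local` location and alert level 6 are assumed values chosen for illustration.

```xml
<ossec_config>
  <!-- Assumes the stock firewall-drop command is already defined in the
       <command> section of the default ossec.conf shipped with OSSEC. -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <level>6</level>
    <!-- First block: default timeout, in seconds (600 s = 10 minutes). -->
    <timeout>600</timeout>
    <!-- Escalation for repeat offenders, in minutes: second block 30 min,
         third 60 min, fourth 120 min; every later block reuses the last
         entry (120 min). -->
    <repeated_offenders>30,60,120</repeated_offenders>
  </active-response>
</ossec_config>
```

Note the unit change between the two elements: `<timeout>` is in seconds while `<repeated_offenders>` is in minutes, so the values above give 10, 30, 60 and 120 minutes respectively.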

Note: Yeah, I know it’s beta. But this new feature is a great one. I’m testing it on a couple of servers and so far, no issues.
