Comments on TaoSecurity Blog: OSSEC and Pf on FreeBSD to Limit SSH Brute Forcing
Comment feed by Richard Bejtlich (https://www.blogger.com/profile/13512184196416665417); 9 comments, feed last updated 2023-10-16.

Anonymous, 2014-09-04 08:56 (-04:00):
Nice article, thanks for this!
On your setup, the OSSEC server and the pf daemon are running on the same box (gateway)? Is it possible to have the OSSEC server located on another device and talk to pf on another box?

Anonymous, 2009-04-09 07:05 (-04:00):
This comment has been removed by a blog administrator.

Anonymous, 2009-01-10 00:21 (-05:00):
Just wondered if you could give any direction, as you have mentioned both projects before. I currently use Splunk to index/aggregate my logs and have a decent number of custom apps/bundles and reports for events across my network. I also aggregate my httpd logs, mail logs, VPN access logs, etc. to help our helpdesk. I've started deploying OSSEC agents to most of the same hosts that are sending off their logs via syslog and was wondering if you had any experience with implementing OSSEC and Splunk in the same environment without duplicated log aggregation efforts.

Richard Bejtlich, 2008-12-31 11:34 (-05:00):
Hi Charlene,

I would use OSSEC in conjunction with Snort. The class I'm writing for Black Hat right now describes how to do that.

Anonymous, 2008-12-31 11:22 (-05:00):
I am curious about OSSEC. Is it better than Snort, or an alternative, or to be used in conjunction with it?

I'm an inexperienced sysadmin for some FreeBSD servers through an ISP (so I don't have full responsibility). One of our servers got badly hacked and a client paid for an outside vendor to check out the servers. Of course he's trying to sell his own hosting service, and I want to be sure that we really need to go that route.

Anonymous, 2008-12-26 17:07 (-05:00):
And if you don't want to run fail2ban, you can just do it with iptables: http://searchenterpriselinux.techtarget.com/tip/0,289483,sid39_gci1274148,00.html

Richard Bejtlich, 2008-12-26 08:47 (-05:00):
Fixed, thanks.

Unknown, 2008-12-26 02:10 (-05:00):
Hey Richard. Your link to OSSEC is incorrect. It should be http://www.ossec.net, not .org.

Great post.

Anonymous, 2008-12-26 01:09 (-05:00):
For what it's worth (to you or your readers), fail2ban does similar on Linux with iptables.
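The fail2ban and iptables comments above point at the same mechanism the post applies with OSSEC and pf: watch sshd's log for failed logins, and once a source address crosses a threshold within a time window, push it into the firewall. The script below is an added example written for this page; it is not code from OSSEC, fail2ban or the original post. It counts "Failed password" lines per source address over a sliding window, skips addresses on a trusted list, and prints the blocking command for either backend. The log lines, the pf table name `bruteforce`, the year 2008 (syslog timestamps carry no year) and the 3-failures-in-10-minutes policy are all assumptions made for the example; the `pfctl -t <table> -T add` and `iptables -I INPUT ... -j DROP` invocations are the real commands.

```python
"""Added example: detect SSH brute forcing from sshd log lines and emit the
firewall command that would block the offender (pf or iptables).  Not part of
OSSEC, fail2ban or the original post; sample log lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed OpenSSH auth-log sample (syslog format, no year in the timestamp).
SAMPLE_LOG = """\
Dec 26 01:02:03 gw sshd[1234]: Failed password for invalid user admin from 203.0.113.10 port 40001 ssh2
Dec 26 01:02:05 gw sshd[1235]: Failed password for invalid user oracle from 203.0.113.10 port 40002 ssh2
Dec 26 01:02:07 gw sshd[1236]: Failed password for root from 203.0.113.10 port 40003 ssh2
Dec 26 01:02:09 gw sshd[1237]: Failed password for root from 203.0.113.10 port 40004 ssh2
Dec 26 01:02:11 gw sshd[1238]: Failed password for invalid user test from 203.0.113.10 port 40005 ssh2
Dec 26 01:05:00 gw sshd[1240]: Failed password for richard from 198.51.100.7 port 50000 ssh2
Dec 26 01:05:30 gw sshd[1241]: Accepted publickey for richard from 198.51.100.7 port 50001 ssh2
Dec 26 01:30:00 gw sshd[1250]: Failed password for root from 192.0.2.99 port 60000 ssh2
Dec 26 01:31:00 gw sshd[1251]: Failed password for root from 192.0.2.99 port 60001 ssh2
Dec 26 02:45:00 gw sshd[1260]: Failed password for root from 192.0.2.99 port 60002 ssh2
"""

LOG_YEAR = 2008  # assumption: syslog lines omit the year
PF_TABLE = "bruteforce"  # assumption: `table <bruteforce> persist` exists in pf.conf

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)


def parse_failed_login(line):
    """Return (timestamp, source_ip) for a failed-password line, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    return when, m.group("ip")


def find_offenders(log_text, threshold=3, window=timedelta(minutes=10), trusted=frozenset()):
    """Map source IP -> time its failure count first reached `threshold`
    within a sliding `window`.  Lines are assumed to be in chronological
    order, as a log file is.  Addresses in `trusted` are never reported, so a
    typo-prone admin cannot lock the gateway's own management hosts out."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    offenders = {}
    for line in log_text.splitlines():
        parsed = parse_failed_login(line)
        if parsed is None:
            continue
        when, ip = parsed
        if ip in trusted:
            continue
        q = recent[ip]
        q.append(when)
        while q and when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in offenders:
            offenders[ip] = when
    return offenders


def block_command(ip, backend="pf"):
    """Shell command that blocks `ip`: add it to a pf table (the post's
    approach) or insert an iptables DROP rule (the comments' approach)."""
    if backend == "pf":
        return f"pfctl -t {PF_TABLE} -T add {ip}"
    if backend == "iptables":
        return f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"
    raise ValueError(f"unknown backend: {backend}")


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"# {ip} crossed threshold at {when:%Y-%m-%d %H:%M:%S}")
        for backend in ("pf", "iptables"):
            print(block_command(ip, backend))
```

Run against the sample, only 203.0.113.10 is reported: 192.0.2.99 also fails three times, but its third attempt comes more than an hour after the first two, so the sliding window never holds three failures at once, which is the difference between a slow, patient scanner and a brute forcer worth blocking at the firewall. Whatever backend you use, the entries need an expiry (OSSEC's active response unblocks after a timeout; for pf tables `pfctl -t bruteforce -T expire <seconds>` from cron does the same job), otherwise a dynamic-address attacker leaves you with a table full of innocent future users.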