blob: d52f4bb287c271db7252e326c5228956e01cae7d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
AR_MANAGED_CONF= 110.active-response.conf
AR_LOCAL_CONF= 510.active-response.local.conf
AR_DESC= Active Response
# Default commands
AR_CMDS_DEFAULT_OPTION= DEFAULT_C
AR_CMDS_DEFAULT_DESC= Commands provided by OSSEC
AR_CMDS_DEFAULT_DEFINE= server local
AR_CMDS_DEFAULT_DEFAULT=server local
AR_OPTIONS+= AR_CMDS_DEFAULT
# Config merge commands
AR_CMDS_MERGE_OPTION= MERGE_C
AR_CMDS_MERGE_DESC= Commands to merge configuration files
AR_CMDS_MERGE_DEFINE= server local
AR_CMDS_MERGE_DEFAULT= server local
AR_OPTIONS+= AR_CMDS_MERGE
# Config merge active response
AR_MERGE_OPTION= MERGE_AR
AR_MERGE_DESC= Merge configuration files when they change
AR_MERGE_DEFINE= server local
AR_MERGE_DEFAULT= server local
AR_OPTIONS+= AR_MERGE
# OSSEC restart active response
AR_RESTART_OPTION= RESTART_AR
AR_RESTART_DESC= Restart OSSEC when main configuration files change
AR_RESTART_DEFINE= server local
AR_RESTART_DEFAULT= server local
AR_OPTIONS+= AR_RESTART
# Host deny active response
AR_HOSTDENY_OPTION= HOSTDENY_AR
AR_HOSTDENY_DESC= Block the attacker's IP using access control files
AR_HOSTDENY_DEFINE= server local
AR_HOSTDENY_DEFAULT=
AR_OPTIONS+= AR_HOSTDENY
# Firewall drop active response
AR_FWDROP_OPTION= FWDROP_AR
AR_FWDROP_DESC= Block the attacker's IP on the firewall
AR_FWDROP_DEFINE= server local
AR_FWDROP_DEFAULT=
AR_OPTIONS+= AR_FWDROP
|
