Question
Use the links to help you answer the 3 questions please:
http://ossec-docs.readthedocs.org/en/latest/manual/index.html
http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.active-response.html
1. How would you configure active response to send the block to all agents?
2. When would you block a user vs block an IP (host-deny.sh vs firewall-drop.sh)? When would you want to use both in conjunction?
3. Looking in the rules directory for sshd, how would you add a threshold so that the server does not block on 1 failed login attempt? What do you believe would be the proper amount of attempts before blocking a user at the host firewall? And what timeframe?