I am a happy ASL / RHEL5 user.
Can anyone explain to me why I need the following things?
MODSEC_00_WHITELIST
MODSEC_00_RBL
MODSEC_05_SCANNER
MODSEC_10_ANTIMALWARE
MODSEC_10_RULES
MODSEC_20_USERAGENTS
MODSEC_30_ANTISPAM
MODSEC_40_APACHE
MODSEC_50_ROOTKITS
MODSEC_60_RECONS
MODSEC_99_JITP
Lastly, what is OSSEC?
And how do I disable these checks: Integrity checksum changed for: '/etc/sysconfig/rkhunter'
MOD Sec
Atomicorp Staff - Site Admin
whitelist - for disabling mod_security by IP
rbl - real-time blacklists, just like RBLs in SMTP
scanner - implements ClamAV scanning on uploads over HTTP
antimalware - blacklist of known malware sites hosting remote include malware
rules - generic attack ruleset
useragents - known malware/worm/malicious useragents
antispam - comment spam rules
apache - general apache ruleset
rootkits - rootkit ruleset
recons - recon ruleset
jitp - just-in-time patches or virtual patches. Rules for known exploits in web apps.
OSSEC is the host-based intrusion detection system, log analysis, and active-response engine.
Last but not least, I wouldn't recommend disabling the integrity checks. Those are what it uses to detect rootkits and other malicious activity on the file system.
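To illustrate what an integrity check of the kind discussed in the reply does, here is an added example (not OSSEC's code and not from the original thread): a minimal baseline-and-compare file integrity monitor. The function names, the use of SHA-256, the sample files, and every alert string other than "Integrity checksum changed for:" are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file under root to (sha256 hex digest, mode bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root)
            state[rel] = (digest.hexdigest(), os.lstat(path).st_mode)
    return state

def compare(baseline, current):
    """Return alert lines for every difference between two snapshots."""
    alerts = []
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            alerts.append(f"New file added: '{path}'")
        elif new is None:
            alerts.append(f"File deleted: '{path}'")
        elif old[0] != new[0]:
            alerts.append(f"Integrity checksum changed for: '{path}'")
        elif old[1] != new[1]:
            alerts.append(f"Permissions changed for: '{path}'")
    return alerts

def demo():
    """Build a constructed tree, tamper with it, and return the alerts."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sysconfig"))
        cfg = os.path.join(root, "sysconfig", "rkhunter")
        hosts = os.path.join(root, "hosts")
        for path, text in ((cfg, "MAILTO=root\n"), (hosts, "127.0.0.1 localhost\n")):
            with open(path, "w") as fh:
                fh.write(text)
        baseline = snapshot(root)            # trusted state
        with open(cfg, "a") as fh:           # content edit -> checksum change
            fh.write("ALLOW_SSH_ROOT_USER=yes\n")
        with open(os.path.join(root, "sysconfig", "unexpected"), "w") as fh:
            fh.write("x\n")                  # file that was not in the baseline
        os.remove(hosts)                     # file missing from the current state
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print("\n".join(demo()))
```

With the check disabled, none of these three changes would be reported, which is why a noisy but expected change is better handled by reviewing and re-baselining than by turning the check off.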