47 lines
1.3 KiB
Makefile
47 lines
1.3 KiB
Makefile
AR_MANAGED_CONF= 110.active-response.conf
|
|
AR_LOCAL_CONF= 510.active-response.local.conf
|
|
|
|
AR_DESC= Active Response
|
|
|
|
# Default commands
|
|
AR_CMDS_DEFAULT_OPTION= DEFAULT_C
|
|
AR_CMDS_DEFAULT_DESC= Commands provided by OSSEC
|
|
AR_CMDS_DEFAULT_DEFINE= server local
|
|
AR_CMDS_DEFAULT_DEFAULT=server local
|
|
AR_OPTIONS+= AR_CMDS_DEFAULT
|
|
|
|
# Config merge commands
|
|
AR_CMDS_MERGE_OPTION= MERGE_C
|
|
AR_CMDS_MERGE_DESC= Commands to merge configuration files
|
|
AR_CMDS_MERGE_DEFINE= server local
|
|
AR_CMDS_MERGE_DEFAULT= server local
|
|
AR_OPTIONS+= AR_CMDS_MERGE
|
|
|
|
# Config merge active response
|
|
AR_MERGE_OPTION= MERGE_AR
|
|
AR_MERGE_DESC= Merge configuration files when they change
|
|
AR_MERGE_DEFINE= server local
|
|
AR_MERGE_DEFAULT= server local
|
|
AR_OPTIONS+= AR_MERGE
|
|
|
|
# OSSEC restart active response
|
|
AR_RESTART_OPTION= RESTART_AR
|
|
AR_RESTART_DESC= Restart OSSEC when main configuration files change
|
|
AR_RESTART_DEFINE= server local
|
|
AR_RESTART_DEFAULT= server local
|
|
AR_OPTIONS+= AR_RESTART
|
|
|
|
# Host deny active response
|
|
AR_HOSTDENY_OPTION= HOSTDENY_AR
|
|
AR_HOSTDENY_DESC= Block the attacker's IP using access control files
|
|
AR_HOSTDENY_DEFINE= server local
|
|
AR_HOSTDENY_DEFAULT=
|
|
AR_OPTIONS+= AR_HOSTDENY
|
|
|
|
# Firewall drop active response
|
|
AR_FWDROP_OPTION= FWDROP_AR
|
|
AR_FWDROP_DESC= Block the attacker's IP on the firewall
|
|
AR_FWDROP_DEFINE= server local
|
|
AR_FWDROP_DEFAULT=
|
|
AR_OPTIONS+= AR_FWDROP
|