ClearOS Documentation


Intrusion Prevention

The Intrusion Prevention app blocks suspected attackers from your network and system.

Installation

If your system does not have this app available, you can install it via the Marketplace.

You can find this feature in the menu system at the following location:

Gateway|Intrusion Protection|Intrusion Prevention

Intrusion Protection Updates and ClearSDN

The ClearSDN Intrusion Protection Updates service provides weekly signature updates to improve the effectiveness of the intrusion prevention system. These signatures are compiled from third-party organizations as well as internal engineering resources from ClearCenter. With intrusion prevention, it is important to keep false positives to a minimum. We keep tabs on the latest available updates and fine-tune the system so you can focus on more important things.

Configuration

The Intrusion Prevention system displays a list of IP addresses that have been blocked due to inappropriate network traffic.

IPS blocks can also be checked from the command line with:

for SET in $(ipset list -n | grep snort); do ipset list "$SET" -o save | grep '^add' | awk '{print $2 " " $3}'; done
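The same check in a single pass over ipset's save-format output, also showing the seconds remaining on each block and a per-set count. This is an added example, not part of the original ClearOS documentation; the function names are hypothetical, and the set names and addresses in the sample are constructed for illustration.

```shell
#!/bin/sh
# Read "ipset save"-format text on stdin and print one line per blocked
# address held in a snort-related set: "<set> <address> <seconds-left>".
# Entries without a timeout are shown with "-".
snort_blocks() {
    awk '
        $1 == "add" && $2 ~ /snort/ {
            left = "-"
            for (i = 4; i < NF; i++)
                if ($i == "timeout") left = $(i + 1)
            print $2, $3, left
        }'
}

# Count blocked addresses per set from the same input.
snort_block_counts() {
    snort_blocks | awk '{ n[$1]++ } END { for (s in n) print s, n[s] }' | sort
}

# Constructed sample in ipset save format (set names are assumptions,
# addresses come from the documentation ranges).
sample_save() {
    cat <<'EOF'
create snortsam_INGRESS hash:ip family inet hashsize 1024 maxelem 65536 timeout 86400
add snortsam_INGRESS 192.0.2.10 timeout 85012
add snortsam_INGRESS 198.51.100.7 timeout 301
create snortsam_SELF hash:ip family inet hashsize 1024 maxelem 65536 timeout 86400
add snortsam_SELF 203.0.113.5 timeout 42
create other_set hash:ip family inet hashsize 1024 maxelem 65536
add other_set 192.0.2.99
EOF
}

# Offline demonstration on the constructed sample.
sample_save | snort_blocks
sample_save | snort_block_counts
```

On a live system, run as root and feed the functions real data with: ipset save | snort_blocks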

White List

Whitelisted IP addresses will be listed at the top of the page under 'White List'. You can delete an entry by choosing 'Delete' under 'Action'.

Blocked List

IP Address

This is the IP address that triggered the block. If this IP address should not be blocked, you can unblock it by clicking on 'White List' under 'Action'.

Security ID / SID

The SID corresponds to the Intrusion Detection ID that triggered the block.

Block Time

The block time field shows when the block occurred.

Action

A blocked host can be added to the White List so it will not be blocked in the future. You can also remove a blocked host using Delete.

content/en_us/7_ug_intrusion_prevention.txt · Last modified: 2018/09/13 04:50 by NickH
