projects / ossec-hids.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
obrisane nepotrebne datoteke od zadnjeg builda
[ossec-hids.git] / debian / ossec-hids / usr / share / doc / ossec-hids / active-response-internal.txt
diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/active-response-internal.txt b/debian/ossec-hids/usr/share/doc/ossec-hids/active-response-internal.txt
deleted file mode 100644 (file)
index bcb71c6..0000000
--- a/debian/ossec-hids/usr/share/doc/ossec-hids/active-response-internal.txt
+++ /dev/null
@@ -1,29 +0,0 @@
-OSSEC HIDS 0.6
-Copyright (c) 2004-2006 Daniel B. Cid   <daniel.cid@gmail.com>
-                                        <dcid@ossec.net>
-                                        
-
-How the active response works internally:
-
-- Read active-response.txt for details on configuration
-
-
-1 - The analysis server receives an event that matches the
-    active response policy.
-
-2 - The analysis server verifies that all required fields
-    are provided with the event. It means that the analysis
-    server was able to decode the event and extract the
-    necessary information. One example is if it was able
-    to extract the IP address from the event to send to 
-    the firewall to be blocked.
-    
-3 - If the active response policy specify that the action
-    must be executed locally on the AS, a message is sent
-    to the execd directly.
-
-4 - If the active response policy specify that the action
-    must be executed remotely, a message is sent to the
-    "Active response forwarder" (remoted) to forward the
-    event to the specified agent.    
-
ossec-hids