If you’re just starting out with OSSIM, chances are you have thousands of incidents due to misconfiguration.
One way to "start fresh" is to launch ossim-db and run the following:
DELETE FROM incident;
This will delete ALL incidents and tickets.
Note: Backup first, and keep that backup for reference.
If you’re getting “data connection refused errors” when trying to ftp onto a CentOS box, make sure your ip_conntrack_ftp is loaded.
The default RH/CentOS iptables script includes a conntrack statement :
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
but does not load the ftp module.
To fix it on the fly, run:
modprobe ip_conntrack_ftp
To make sure the module is loaded again on boot, add it to the modules list in /etc/sysconfig/iptables-config:
IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"
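The two steps above (load the helper now, persist it for the next boot) as one small script. This is an added example, not part of the original post: the config path /etc/sysconfig/iptables-config and the module name ip_conntrack_ftp come from the post; the function names and the IPTABLES_CONFIG override are my own. The config edit is idempotent, so running it twice does not duplicate the module name, and it never clobbers modules that are already listed. On kernels newer than the CentOS release the post describes, the helper is named nf_conntrack_ftp; pass that name as the first argument in that case.

```shell
#!/bin/sh
# Added example: load the FTP conntrack helper and persist it in iptables-config.
set -eu

# Assumption: default path taken from the post; override with IPTABLES_CONFIG.
CONF="${IPTABLES_CONFIG:-/etc/sysconfig/iptables-config}"
MODULE="${1:-ip_conntrack_ftp}"

# Return 0 if the module is currently loaded (same data lsmod prints).
module_loaded() {
    grep -q "^$1 " /proc/modules 2>/dev/null
}

# Print the space-separated module list from the IPTABLES_MODULES line, if any.
configured_modules() {
    sed -n 's/^IPTABLES_MODULES="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$1" | head -n 1
}

# Idempotently add a module to IPTABLES_MODULES="..." in the given config file.
# Usage: add_module_to_config <config_file> <module>
add_module_to_config() {
    conf="$1"; mod="$2"
    if ! grep -q '^IPTABLES_MODULES=' "$conf"; then
        # No line yet: create one with just this module.
        printf 'IPTABLES_MODULES="%s"\n' "$mod" >> "$conf"
        return 0
    fi
    current=$(configured_modules "$conf")
    for m in $current; do
        [ "$m" = "$mod" ] && return 0   # already listed, nothing to do
    done
    new=$(printf '%s %s' "$current" "$mod" | sed 's/^ *//')
    sed -i "s|^IPTABLES_MODULES=.*|IPTABLES_MODULES=\"$new\"|" "$conf"
}

main() {
    if module_loaded "$MODULE"; then
        echo "$MODULE already loaded"
    else
        modprobe "$MODULE"   # needs root; makes FTP data connections RELATED right away
    fi
    add_module_to_config "$CONF" "$MODULE"
    echo "IPTABLES_MODULES is now: $(configured_modules "$CONF")"
}

# Only touch the live system when asked explicitly: ./fix-ftp-conntrack.sh --apply
if [ "${1:-}" = "--apply" ]; then
    shift
    main "$@"
fi
```

After running it with --apply, `grep ^IPTABLES_MODULES /etc/sysconfig/iptables-config` should show both the original netbios helper and ip_conntrack_ftp, and `lsmod | grep conntrack_ftp` should show the module loaded without a reboot.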