Hi
" Are you stating that active-response is being triggered for rules other
than 5712 and 5720?"
Yes,it is exactly the problem.
I just wonder there is some bug on Ossec HIDS in this field.
Thank you.
-----邮件原件-----
发件人: [email protected] [mailto:[EMAIL PROTECTED] 代
表 Peter M. Abraham
发送时间: 2007年12月28日 23:23
收件人: ossec-list
主题: [ossec-list] Re: 答复: [ossec-list] Re: active-response problems
Greetings Xu Feng:
"Though I defined the active-response on the server only being
triggered by rules (5712,5720) which are sshd rules, when multiple
errors from the same IP in the Apache logs turned up, the IP was
blocked by hosts.deny on the agent.
Any idea to help me out? "
Are you stating that active-response is being triggered for rules
other than 5712 and 5720?
Thank you.
