Dan,

There is nothing in the logs.

The scripts on the server are in place and executable. I can run firewall-drop.sh on the server from the command line with the correct arguments and it works.

The symptoms are still the same: simulating an attack on one of the OSSEC agent hosts results in the firewall being dropped and /etc/hosts.deny being modified on all hosts except the one running the OSSEC server.

Further: today I simulated an attack on the OSSEC server itself. An alert was generated (5712, severity 10) but there was no active response of any kind on the OSSEC server or any of the OSSEC agents.

Trevor

On May 6, 2:47 pm, "dan (ddp)" <[email protected]> wrote:
> Anything in the logs? Maybe /var/ossec/logs/ossec.log?
> Are the scripts in place and executable?
> Have you tried running one of the scripts to see if it works on that system?
>
> On Thu, May 6, 2010 at 4:20 PM, tm <[email protected]> wrote:
> > Hello,
> >
> > I have the location set to "all" in the firewall-drop and host-deny
> > active responses in the ossec.conf file on the OSSEC server. If I
> > simulate an attack on one of the OSSEC agent hosts, both responses are
> > working on all the OSSEC agents but not on the OSSEC server.
> >
> > Any ideas?
> >
> > Thanks,
> > Trevor
