Hi, I ran across the following problem: We manage our servers from a small office with an Internet connection with dynamic IP Address. I don't want to run into problems with OSSEC blocking our office because of some issues with websites, CMS backend, forgotten passwords and other stuff. So I thought I'd just whitelist our office by the hostname of our router. I configured our router with dyndns and this works fine, we can resolve our office-IP address by the dyndns hostname.
BUT OSSEC seems not to update the whitelisted addresses, our office got blocked although whitelisted by hostname. Did OSSEC resolve the IP address just once at start time and when the dynamic IP address changes, OSSEC still has the old one in its whitelist (which is now useless)? Any solution for this? Or do we have to buy a static IP address for the office? Even a block for 1 Minute is bad for the office, because people are working on websites on our servers. Loosing work in progress makes the colleagues angry about me. :-) Of course I can log in via SSH via another server and then unblock the office. But I don't want to loosen security neither. Greetings Rainer