Hi all,
I am using same active response options in one 2.6 ossec server and
in another 2.7 ossec server. In version 2.6 all works ok as I expect,
but under 2.7 it doesn't works. In both servers I have configured only
this active response:
<command>
<name>firewall-drop</name>
<executable>firewall-drop.sh</executable>
<expect>srcip</expect>
<timeout_allowed>yes</timeout_allowed>
</command>
<active-response>
<command>firewall-drop</command>
<location>all</location>
<level>6</level>
<timeout>86400</timeout>
<repeated_offenders>2880,4320,5760</repeated_offenders>
</active-response>
Executing agent_control in 2.7 ossec server, returns:
[root@ossec27 /tmp]# agent_control -L
OSSEC HIDS agent_control. Available active responses:
No active response available.
Do I need to reconfigure something under 2.7??
