On Mon, 10 Dec 2012 13:15:50 -0800 (PST) Guilmxm <guilhem.march...@gmail.com>
wrote:
> Hi,
>
> I had the same issue with Ossec 2.7 even with a server / agent fresh
> install, i confirm.
>
> Regards,
>
> Guilhem
Weird, it's working fine in 2.7 for me.
OSSEC HIDS agent_control. Available active responses:
Response name: host-deny2400, command: host-deny.sh
Response name: firewall-drop600, command: firewall-drop.sh
and ossec.conf
<active-response>
<!-- This response is going to execute the host-deny
- command for every event that fires a rule with
- level (severity) >= 6.
- The IP is going to be blocked for 600 seconds.
-->
<command>host-deny</command>
<location>local</location>
<level>6</level>
<timeout>2400</timeout>
</active-response>
<active-response>
<!-- Firewall Drop response. Block the IP for
- 600 seconds on the firewall (iptables,
- ipfilter, etc).
-->
<command>firewall-drop</command>
<location>local</location>
<level>6</level>
<timeout>600</timeout>
</active-response>
