On Tue, Dec 11, 2012 at 6:47 AM, C. L. Martinez <carlopm...@gmail.com> wrote:
> On Mon, Dec 10, 2012 at 9:46 PM, Brenden Walker <bren...@unruleable.org>
> wrote:
>> On Mon, 10 Dec 2012 13:15:50 -0800 (PST) Guilmxm
>> <guilhem.march...@gmail.com> wrote:
>>> Hi,
>>>
>>> I had the same issue with Ossec 2.7 even with a server / agent fresh
>>> install, I confirm.
>>>
>>> Regards,
>>>
>>> Guilhem
>>
>> Weird, it's working fine in 2.7 for me.
>>
>> OSSEC HIDS agent_control. Available active responses:
>>
>>    Response name: host-deny2400, command: host-deny.sh
>>    Response name: firewall-drop600, command: firewall-drop.sh
>>
>>
>> and ossec.conf
>>
>>   <active-response>
>>     <!-- This response is going to execute the host-deny
>>        - command for every event that fires a rule with
>>        - level (severity) >= 6.
>>        - The IP is going to be blocked for 600 seconds.
>>       -->
>>     <command>host-deny</command>
>>     <location>local</location>
>>     <level>6</level>
>>     <timeout>2400</timeout>
>>   </active-response>
>>
>>   <active-response>
>>     <!-- Firewall Drop response. Block the IP for
>>        - 600 seconds on the firewall (iptables,
>>        - ipfilter, etc).
>>       -->
>>     <command>firewall-drop</command>
>>     <location>local</location>
>>     <level>6</level>
>>     <timeout>600</timeout>
>>   </active-response>
>>
>
> Uhmm I have found another problem, well two problems:
>
> a) I have defined another active response:
>
>   <command>
>     <name>restart-ossec</name>
>     <executable>restart-ossec.sh</executable>
>     <expect></expect>
>   </command>
>
>   <active-response>
>     <command>restart-ossec</command>
>     <location>all</location>
>     <rules_id>120000</rules_id>
>   </active-response>
>
> ... and it doesn't appear:
>
> [root@ossectst etc]# agent_control -L
>
> OSSEC HIDS agent_control. Available active responses:
>
>    Response name: firewall-drop86400, command: firewall-drop.sh
>
> b) active response firewall-drop.sh doesn't work for a FreeBSD 8.3
> system (using version 2.6 for server and agent works)
>
> Please, any idea??

Any idea please?? This problem is really strange ....