Active response is acting up abnormally in 2.8.1 Active response is enabled. Subnets are whitelisted in ossec.conf on the server. The server and the agents have all been restarted over the past few months during patching cycles.
Last week my boss was locked out by active response while demonstrating something during a webex/team call. Last night, the CEO was locked out of a different box. Both of their devices were in a whitelisted subnet range. In the case of my boss, he was logged in, and tried to su up to root and that is when it happened. The CEO tried logging in to a box and was locked out. My boss has asked me to reach out and see if anyone else is having issues. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
