On Tue, Jun 14, 2016 at 9:01 AM, Zeal Vora <sunzealv...@gmail.com> wrote:
> I'm using the latest version of OSSEC ( 2.8 ) and yes active response is
> enabled.
>

The latest version is 2.8.3.

> So currently OSSEC clients are actively blocking attacks but due to some
> reason they have also flushed all the iptables rules from memory ( like
> iptables -F )
>

Are there any entries in the activeresponse log file that might shed a clue?

> On Tuesday, June 14, 2016 at 6:24:52 PM UTC+5:30, dan (ddpbsd) wrote:
>>
>> On Tue, Jun 14, 2016 at 8:17 AM, Zeal Vora <sunze...@gmail.com> wrote:
>> > Hi
>> >
>> > We installed OSSEC in our production machines yesterday and today we saw
>> > that all the iptables rules in all the machines were flushed. Something
>> > similar to iptables -F
>> >
>> > Any idea on what can cause this? I am aware that OSSEC active-response
>> > can add or remove entries from iptables but have never known about
>> > flushing entire iptables rules.
>> >
>> > Any help will be appreciated!
>> >
>>
>> Which version of OSSEC? Is active response enabled?
>>
>> >
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an email to ossec-list+...@googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.