On Tue, 14 Jun 2016, Zeal Vora wrote:
> We installed OSSEC on our production machines yesterday and today we saw
> that all the iptables rules on all the machines were flushed. Something
> similar to iptables -F
>
> Any idea what can cause this? I am aware that OSSEC active-response can
> add or remove entries from iptables but have never known about flushing
> entire iptables rules.
>
> Any help will be appreciated!

Normally, if an ossec client is stopped, it will remove all active
response entries added to the firewall rules and /etc/hosts.deny from the
time ossec was started before exiting. Is this what you're seeing or are
the entire iptables rules completely gone?
Antonio Querubin
e-mail: t...@lavanauts.org
xmpp: antonioqueru...@gmail.com
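
One way to answer the question in the reply above, as an added example that is not part of the original thread: compare two `iptables-save` dumps taken before and after the event and classify what disappeared. The dumps are constructed samples, and the source-only DROP rule shape in INPUT/FORWARD is an assumption based on OSSEC's stock firewall-drop active response.

```python
import re

# Assumed shape of a rule added by the stock firewall-drop active response,
# as rendered by iptables-save: a source-only DROP in INPUT or FORWARD.
AR_RULE = re.compile(r"^-A (INPUT|FORWARD) -s \S+ -j DROP$")

def parse_rules(dump):
    """Return the set of (table, rule) pairs found in iptables-save text."""
    rules, table = set(), None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]            # e.g. "*filter" starts the filter table
        elif line.startswith("-A "):
            rules.add((table, line))
    return rules

def classify(before, after):
    """Classify the difference between two iptables-save snapshots."""
    b, a = parse_rules(before), parse_rules(after)
    missing = b - a
    if not missing:
        return "unchanged"
    # Only active-response style drops vanished: consistent with agent shutdown.
    if all(t == "filter" and AR_RULE.match(r) for t, r in missing):
        return "active-response-cleanup"
    # Site rules vanished too and nothing is left: looks like a full flush.
    if not a:
        return "flushed"
    return "partial-loss"

# Constructed sample dumps (documentation address range), not real output.
HEADER = "*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n"
SITE = ("-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT\n"
        "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n")
AR = ("-A INPUT -s 203.0.113.7/32 -j DROP\n"
      "-A FORWARD -s 203.0.113.7/32 -j DROP\n")
BEFORE = HEADER + AR + SITE + "COMMIT\n"
AFTER_STOP = HEADER + SITE + "COMMIT\n"    # agent stopped, site rules intact
AFTER_FLUSH = HEADER + "COMMIT\n"          # everything gone, as after iptables -F

if __name__ == "__main__":
    print(classify(BEFORE, AFTER_STOP))
    print(classify(BEFORE, AFTER_FLUSH))
```

A result of `flushed` or `partial-loss` means rules other than the assumed active-response drops are gone, which the shutdown cleanup described above would not explain.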