Hi all,
Greetings for the day, since I am not expert user of ossec, I am having a
query about the ossec brue force block on client server mechanism.
I am having one Ossec Server and 10 linux and 5 windows host.
So if I am enabling the active response in ossec server for blocking the
bruteforce attackers so will it be updated on all clients as will as server.
For example.
Case 1
If block is triggered on server so will it inform the other
agents as will to block the ip in their host deny or firewall?
Case 2
If block is held on agent so will it be informed to other agents
as well as server to block the ip in their host deny or firewall?
If yes then what will happen if I remove the blocked IP from server of the
agent? I mean will it be removed from other agents as well.
and if I am going wrong anywhere please explain me what will happen in the
above cases.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
