On Sat, Jan 5, 2019 at 1:07 AM ram sri <ramsri13...@gmail.com> wrote:
> On Saturday, January 5, 2019 at 11:20:21 AM UTC+5:30, dan (ddpbsd) wrote: > > On Fri, Jan 4, 2019 at 5:54 PM ram sri <ramsr...@gmail.com> wrote: > > > > > > > > > > .cmd files won’t run on linux, it’s a windows script. > > > > > > > > Yes, but how can i run script for windows machine? > > > > > > > > > > > > > > > > How do you have active response configured? > > Same , i configured in ossec.conf (ossec server). > > > > > > > > Which active response command are you trying to run? > > > > I tried restart-ossec.cmd, firewall-drop.cmd, winroute-nul.cmd . These > three command trigger bt not action. as you said .cmd file won't run linux > means why ossec specified this example > https://ossec-docs.readthedocs.io/en/latest/manual/ar/ar-windows.html. > please give me a solution. > > > > > > > > Can you check the ownership and permissions of the script? > > Initially i give file permission to execute the windows script(.cmd > file). > > > > > > > > > > I want to know, is the ossec active response is applicable for windows > machine(not windows agent) and linux machine ( i am not asking about ossec > server and ossec agent) . > > > > > > > > If you can write a script to remotely run the commands from an ossec > agent on a non-ossec agent system it can work. We don’t support running > active reponse on non-ossec systems. > > > > > Okay.if i write a script for remotely execute command means we give that > non-oesec agent system user credentials to remote script??? > > The script runs on an ossec system. It will probably have to authenticate to the non-ossec system somehow. > > > > > > > > Thanks, > > > > > > > > > > -- > > > > > > > > --- > > > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > > > To unsubscribe from this group and stop receiving emails from it, send > an email to ossec-list+...@googlegroups.com. > > > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
