On Saturday, January 5, 2019 at 8:26:16 PM UTC+5:30, dan (ddpbsd) wrote:
> On Sat, Jan 5, 2019 at 1:07 AM ram sri <ramsr...@gmail.com> wrote:
> > On Saturday, January 5, 2019 at 11:20:21 AM UTC+5:30, dan (ddpbsd) wrote:
> > > On Fri, Jan 4, 2019 at 5:54 PM ram sri <ramsr...@gmail.com> wrote:
> > > > > > > .cmd files won’t run on linux, it’s a windows script.
> > > > > >
> > > > > > Yes, but how can I run script for windows machine?
> > > > >
> > > > > How do you have active response configured?
> > > >
> > > > Same, I configured in ossec.conf (ossec server).
> > > > >
> > > > > Which active response command are you trying to run?
> > > >
> > > > I tried restart-ossec.cmd, firewall-drop.cmd, winroute-nul.cmd. These three commands trigger but not action. As you said .cmd file won't run linux means why ossec specified this example https://ossec-docs.readthedocs.io/en/latest/manual/ar/ar-windows.html. Please give me a solution.
> > > > >
> > > > > Can you check the ownership and permissions of the script?
> > > >
> > > > Initially I give file permission to execute the windows script (.cmd file).
> > > >
> > > > I want to know, is the ossec active response is applicable for windows machine (not windows agent) and linux machine (I am not asking about ossec server and ossec agent).
> > >
> > > If you can write a script to remotely run the commands from an ossec agent on a non-ossec agent system it can work. We don’t support running active response on non-ossec systems.
> >
> > Okay. If I write a script for remotely execute command means we give that non-ossec agent system user credentials to remote script???
>
> The script runs on an ossec system. It will probably have to authenticate to the non-ossec system somehow.

Okay, can you explain why winroute-null.cmd is not working in ossec agent? Where will I configure that winroute-null.cmd file, because it's a .cmd file? I configure like this https://ossec-docs.readthedocs.io/en/latest/manual/ar/ar-windows.html, but it's not working.

> > > > Thanks,
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.