Dear,
I wonder if there is any way in ossec to configure active-response so that
it blocks both the source and the destination in firewall-drop.sh,
for example:
if [ "X${UNAME}" = "XLinux" ]; then
if [ "x${ACTION}" = "xadd" ]; then
ARG1="-I INPUT -s ${IP} -j DROP"
ARG2="-I F
Hi, folks.
Even though I've been using O-H for a while now, I still think I have this
screwed up: I want to use the firewall active response. However, it doesn't
seem to be working. My firewall is on a different box from O-H server.
Here's the directive I have in my ossec.conf file: