Dan,
Upon reading the OSSEC book again it appears to confirm my suspicion
that all means all agents.
So, how do you include the server as well?
I tried locationserver,all/location as someone else's post
suggested but it doesn't work. The active response seems to work only
on the server if I
Dan,
Some more testing reveals the following: if I change the location to
server and then attack an agent, the firewall drops on the server
and /etc/hosts.deny file is modified on the server.
So, there seem to be two problems revealed here:
1. all doesn't mean all. It appears to mean only