On Wed, Mar 22, 2017 at 7:05 AM, Martin wrote:
> Ok, the problem was that I thought that "all", as stated in
> the doc, would execute the command everywhere (meaning on all the agents &
> the server).
>
> But "all" means all the agents except the server.
Thanks for pointing that
Ok, the problem was that I thought that "all", as stated
in the doc, would execute the command everywhere (meaning on all the agents
& the server).
But "all" means all the agents except the server.
In order to execute the command on all the agents and the server, I had to
duplicate the
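
The behaviour described in the message above can be checked mechanically. The following is an added example, not part of the original messages or of OSSEC itself: a small Python check that lists active-response commands configured with location "all" but with no matching block for the server. The function name and the sample configuration are constructed for illustration, and `server` as a location value is taken from OSSEC's active-response options rather than from this thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one command covers agents and server, one covers agents only.
SAMPLE_CONF = """
<ossec_config>
  <active-response>
    <command>host-deny</command>
    <location>all</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>
  <active-response>
    <command>host-deny</command>
    <location>server</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
<ossec_config>
  <active-response>
    <command>firewall-drop</command>
    <location>all</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
"""

def agent_only_responses(conf_text):
    """Return commands whose active-response runs on 'all' agents but has no
    matching block for the server (same command, level and timeout)."""
    # ossec.conf may hold several <ossec_config> roots, so wrap before parsing.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    seen = {}
    for ar in root.iter("active-response"):
        field = lambda tag: (ar.findtext(tag) or "").strip()
        if field("disabled").lower() == "yes":
            continue
        key = (field("command"), field("level"), field("timeout"))
        seen.setdefault(key, set()).add(field("location").lower())
    return sorted(k[0] for k, locs in seen.items()
                  if "all" in locs and "server" not in locs)

if __name__ == "__main__":
    for command in agent_only_responses(SAMPLE_CONF):
        print(f"{command}: location 'all' skips the server; no 'server' block found")
```
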
Hello,
It is working now; I've reinstalled my set-up. And after having modified the
files, I did: */var/ossec/bin/ossec-control restart* on the server and all
the agents. Before, I was doing this on the server only and
*/var/ossec/bin/agent_control -R* for the agents (but maybe my files were
On Thu, Mar 16, 2017 at 7:11 AM, Martin wrote:
> Hello,
>
> Thank you for your answer.
>
> I modified the Active-Response in the file /var/ossec/etc/ossec.conf to look
> like this;
>
> <active-response>
>   <command>host-deny</command>
>   <location>all</location>
>   <level>6</level>
>   <timeout>600</timeout>
> </active-response>
>
Hello,
Thank you for your answer.
I modified the Active-Response in the file /var/ossec/etc/ossec.conf to
look like this;
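
<active-response>
  <command>host-deny</command>
  <location>all</location>
  <level>6</level>
  <timeout>600</timeout>
</active-response>

<active-response>
  <command>firewall-drop</command>
  <location>all</location>
  <level>6</level>
  <timeout>600</timeout>
</active-response>

Then I added the following in /var/ossec/rules/local_rules.xml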
On Wed, Mar 15, 2017 at 7:25 AM, Martin wrote:
> Hello,
>
> First, I'm sorry if the question has already been asked.
>
> So what I'm trying to achieve is this:
>
> If someone fails to log in too many times on one of my agents, I want this IP
> to be dropped on all other agents
Hello,
First, I'm sorry if the question has already been asked.
So what I'm trying to achieve is this:
If someone fails to log in too many times on one of my agents, I want this IP
to be dropped on all other agents and the server.
Same goes the other way around if someone tries on the server I