Re: [ossec-list] Drop IP on all agents

2017-03-22 Thread dan (ddp)
On Wed, Mar 22, 2017 at 7:05 AM, Martin wrote: > Ok the problem was that I thought that all as stated in > the doc would execute the command everywhere (meaning on all the agents & > the server). > > But "all" means all the agents except the server. Thanks for pointing that

Re: [ossec-list] Drop IP on all agents

2017-03-22 Thread Martin
Ok the problem was that I thought that all as stated in the doc would execute the command everywhere (meaning on all the agents & the server). But "all" means all the agents except the server. In order to execute the command on all the agents and the server, I had to duplicate the

Re: [ossec-list] Drop IP on all agents

2017-03-17 Thread Martin
Hello, It is working now, i've re install my set-up. And after having modify the files, i did : */var/ossec/bin/ossec-control restart* on the server and all the agents. Before, I was doing this on the server only and */var/ossec/bin/agent_control -R* for the agents (but maybe my files were

Re: [ossec-list] Drop IP on all agents

2017-03-16 Thread dan (ddp)
On Thu, Mar 16, 2017 at 7:11 AM, Martin wrote: > Hello, > > Thank you for your answer. > > I modified the Active-Response in the file /var/ossec/etc/ossec.conf to look > like this; > > > > > host-deny > all > 6 > 600 > > > > > >

Re: [ossec-list] Drop IP on all agents

2017-03-16 Thread Martin
Hello, Thank you for your answer. I modified the Active-Response in the file /var/ossec/etc/ossec.conf to look like this; host-deny all 6 600 firewall-drop all 6 600 Then i added the following in /var/ossec/rules/local_rules.xml

Re: [ossec-list] Drop IP on all agents

2017-03-15 Thread dan (ddp)
On Wed, Mar 15, 2017 at 7:25 AM, Martin wrote: > Hello, > > First, i'm sorry if the question has already been asked. > > So what i'm trying to achieve is this ; > > If someone fail to log in, too many time on one of my agent, I want this ip > to be drop on all others agents

[ossec-list] Drop IP on all agents

2017-03-15 Thread Martin
Hello, First, i'm sorry if the question has already been asked. So what i'm trying to achieve is this ; If someone fail to log in, too many time on one of my agent, I want this ip to be drop on all others agents and the server. Same goes the other way around if someone try on the server i