I just had a nasty incident with OSSEC blocking me via active-response (ssh error) -- I almost had to take a drive down to the co-lo to fix it, if it didn't undo.
Point being, OSSEC should *never* block anything in the white list. Period. Is this a feature or a bug?? _F
