Hello,

I have version 0.9.2 of OSSEC and am having issues with addresses not being added to hosts.deny when an active response is triggered. I have the active response set up to fire the host.deny command at level 10. I am seeing the /etc/hosts.deny file being touched at that time, but no entries are being added. I have the timeout set for 24 hrs.

Any help would be appreciated.

Received From: *->/var/log/secure
Rule: 5712 fired (level 10) -> "SSHD brute force trying to get access to the system."
Portion of the log(s):
sshd[17033]: Failed password for invalid user admin from ::ffff: 82.77.140.41 port 62783 ssh2
sshd[17033]: Invalid user admin from ::ffff:82.77.140.41
sshd[17031]: Failed password for invalid user fluffy from ::ffff: 82.77.140.41 port 62619 ssh2
sshd[17031]: Invalid user fluffy from ::ffff:82.77.140.41
sshd[17029]: Failed password for invalid user slasher from ::ffff: 82.77.140.41 port 62485 ssh2
sshd[17029]: Invalid user slasher from ::ffff:82.77.140.41
sshd[17025]: Failed password for invalid user sifak from ::ffff: 82.77.140.41 port 62357 ssh2
