Hi guys, I'm running ossec on my MacOS X (10.4.8) based box, and have tried to enable active response by way of the supplied script ipfw_mac.sh, but so far without any luck.
The script is places in /var/ossec/active-response/bin/ and have the following permissions: -rwxr-xr-x 1 root ossec 1604 Feb 7 10:06 ipfw_mac.sh I might add that the rest of ossec seems to run just fine, and I recieve alerts by email when something's wrong – only thing not working is active response. If anyone has succeded in setting up ossec with active response on a Mac, I would be extremely grateful for your help. Any suggestions are welcome. /Lars
