Hi DM,
<1> Please check if you have enabled the active-response in ossec.conf like
this:

<active-response>
  <disabled>no</disabled>
  <command>host-deny</command>
  <location>local</location>
  <level>6</level>
  <timeout>600</timeout>
</active-response>

<2> Please check if you have added the IP from which you tried logins into
the whitelist in ossec.conf like this:

<global>
  <white_list>202.96.xxx.yyy</white_list>
</global>

Best wishes,
Yours
Xu Feng
Yuanjie Networks, Shanghai, China
MSN: [EMAIL PROTECTED]
_____
From: [email protected] [mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: February 20, 2008 22:06
To: [EMAIL PROTECTED]
Subject: [ossec-list] Active response not working
I installed OSSEC on a CentOS 5.1 server. When I try to do an ssh login with
a fake user, it's sending the alerts to my email id but it's not blocking the
IP for 600 seconds.
Any suggestions?
Thanks
DM
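
The two checks suggested in the reply can be run against a configuration file with a short script. This is an added example, not part of the original thread or of OSSEC itself; the `diagnose` function, the sample configuration and the addresses in it are constructed for illustration, and only level-triggered `<active-response>` blocks are evaluated.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample ossec.conf (not from the thread); the addresses are
# documentation-range placeholders.
SAMPLE_CONF = """
<ossec_config>
  <global>
    <white_list>127.0.0.1</white_list>
    <white_list>203.0.113.0/24</white_list>
  </global>
  <active-response>
    <disabled>no</disabled>
    <command>host-deny</command>
    <location>local</location>
    <level>6</level>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
"""

def diagnose(conf_text, source_ip, alert_level):
    """Return the reasons why active response would not block source_ip."""
    # ossec.conf may contain several <ossec_config> roots, so wrap it in one.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    src = ipaddress.ip_address(source_ip)
    reasons = []
    for entry in root.iter("white_list"):
        try:
            net = ipaddress.ip_network((entry.text or "").strip(), strict=False)
        except ValueError:
            continue  # hostname or malformed entry; not evaluated here
        if src in net:
            reasons.append("source IP is whitelisted by " + str(net))
    blocks = list(root.iter("active-response"))
    if any((b.findtext("disabled") or "no").strip().lower() == "yes" for b in blocks):
        reasons.append("active response is disabled")
    # Only <level> triggers are checked (rules_id / rules_group are not).
    levels = [int(b.findtext("level")) for b in blocks if b.findtext("level")]
    if not any(alert_level >= lv for lv in levels):
        reasons.append("no active-response <level> is at or below alert level %d" % alert_level)
    return reasons

if __name__ == "__main__":
    for ip, lvl in [("203.0.113.7", 10), ("198.51.100.9", 10), ("198.51.100.9", 5)]:
        print(ip, lvl, diagnose(SAMPLE_CONF, ip, lvl) or "would be blocked")
```

An empty result means neither of the two conditions from the reply explains a missing block, so the next place to look is the active-response log on the agent.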