Sorry for the double post :s
On Jun 9, 9:17 pm, Jeroen <[email protected]> wrote: > Hi, > > I need some help about this one. > I have 3 systems in total: > - 1 Debian with ossec manager (v1.6.1) > - 1 FreeBSD with ossec agent > - 1 WinXP with ossec agent > > When I test a bruteforce at one of the agents, active response does > it's work the way I want it: it blocks the attacker at both agents and > at the manager. > > But: when I do an attack at the debian system, it blocks the attacker > at that system, but not at the agents. > > This is a sample of my ossec.conf: > <active-response> > <command>host-deny</command> > <location>all</location> > <level>6</level> > <timeout>60</timeout> > </active-response> > > <active-response> > <command>host-deny</command> > <location>server</location> > <level>6</level> > <timeout>60</timeout> > </active-response> > > <active-response> > <command>firewall-drop</command> > <location>all</location> > <level>6</level> > <timeout>60</timeout> > </active-response> > > <active-response> > <command>firewall-drop</command> > <location>server</location> > <level>6</level> > <timeout>60</timeout> > </active-response> > > <active-response> > <command>win_nullroute</command> > <location>all</location> > <level>6</level> > <timeout>60</timeout> > </active-response> > > <active-response> > <command>win_nullroute</command> > <location>server</location> > <level>6</level> > <timeout>60</timeout> > </active-response> > > What do I do wrong? > > Ty
