Hello, I would like to confirm something. We currently have master OSSEC server monitoring a few nodes. Am I right in thinking that the only place where we need to whitelist IPs for OSSEC to *not* block on the nodes is on the master server's ossec.conf file? We have a few static IPs/ranges our staff logs in from and sometimes, ossec blocks our IP (for whatever reason) and adds it to the /etc/hosts.deny file. Or do we have to whitelist IPs on every node we login to? If so, to what file?
Thank you very much for your time
