We discovered that during our OSSEC trial last year. We are considering rolling out OSSEC agents to Solaris 10 hosts. If we do we will put a symbolic link from /sbin/ipf to /usr/sbin/ipf rather than change the firewall-drop.sh script.
Regards, Trevor McLeod _____ From: [email protected] [mailto:[email protected]] On Behalf Of Borut Podlipnik Sent: February-23-10 4:46 AM To: [email protected] Subject: [ossec-list] solaris active response I am wondering if nobody use active response on Solaris 10. Ipfilter didn't work. In script firewall-drop.sh there is a wrong path to ipf: IPFILTER="/sbin/ipf" and should be IPFILTER="/usr/sbin/ipf" for Solaris 10 Best regards, Borut Podlipnik
