Try to run the command manually. Somethign like "/bin/sh -x /var/ossec/active-response/bin/firewall-drop.sh add - 61.219.241.34 1267610653.11162971 3302" might give even more information as to where the script is breaking.
2010/3/3 Lfi <[email protected]>: > Hi, after upgrade ossec to v. 2.3 i'm getting errors in active response log: > > Unable to run (iptables returning != 1): 2 - > /var/ossec/active-response/bin/firewall-drop.sh delete - 59.113.13.72 > 1267616906.15587767 3301 > Unable to run (iptables returning != 1): 3 - > /var/ossec/active-response/bin/firewall-drop.sh delete - 57.248.195.86 > 1267616896.15567808 3301 > Unable to run (iptables returning != 1): 3 - > /var/ossec/active-response/bin/firewall-drop.sh delete - 152.126.38.248 > 1267616910.15590855 3301 > Unable to run (iptables returning != 1): 1 - > /var/ossec/active-response/bin/firewall-drop.sh add - 61.219.241.34 > 1267610653.11162971 3302 > > > Where is the problem? > > Greets! > > > To unsubscribe from this group, send email to ossec-list+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.
