Do one thing try to ssh on your machine with wrong password after 5/6 attempt your IP will get block by iptable and /etc/hosts.deny
Enjoy!!! On Wed, Mar 2, 2011 at 2:18 PM, Tanishk Lakhaani <[email protected]> wrote: > Hi all, > I have active response configured in my environment. No what ia am worried > abt is that how do I get to knw that an IP address has been blocked by Active > response configuration. Do I need to chek the active response.log file at the > manager side everytime... Or there is some other way. I was thinking of > integrating the same with email alerting in OSsEC > > > Regards > Tanishk Lakhaani > Sent from BlackBerry® on Airtel
