On Tue, Nov 26, 2013 at 9:09 AM, C. L. Martinez <[email protected]> wrote: > On Tue, Nov 26, 2013 at 2:03 PM, dan (ddp) <[email protected]> wrote: >>>>> >>>> >>>> Then I misunderstood. What part of the script looks incorrect to you? >>>> >>> >>> The content of the restart-ossec.sh script. It is not appears an >>> ossec-control restart action when agent.conf is modified. For example, >>> executing without arguments: >>> >>> [root@ossec02 bin]# ./restart-ossec.sh >>> ./restart-ossec.sh: invalid action: >>> >>> Perfect, but the problem is with the action: it can only be "add" or >>> "delete" for the hosts.deny file ... But, where is the option to do a >>> restart of the agent? >>> >> >> From the script: >> if [ "x${ACTION}" = "xadd" ]; then >> ${PWD}/../bin/ossec-control restart >> exit 0; >> >> The comments are off because of liberal copy/pasting, but Daniel is a busy >> man. >> > > > But this is for insert an ip in hosts.deny file: > > # Adding the ip to hosts.deny > if [ "x${ACTION}" = "xadd" ]; then > ${PWD}/../bin/ossec-control restart > exit 0; > > > not to restart the agent ... or I don't understand nothing ... Or do I > need to enable active response for hosts.deny?? Actually. I've > disabled this active response ... >
If you run `/var/ossec/bin/ossec-control restart` and it adds an entry to hosts.deny, you have bigger problems than this AR not working. Go ahead and test, I'll wait. > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
