Port scan blocking doesn't appear to be working. I scanned with nmap (on a different computer) and with a web based tool and OSSec didn't send me any email alerts about the scans (i get alerts for other things).
All active response rules are set to defaults. I thought maybe it was because blocked ports aren't being logged so i added the following rules and it still isn't alerting me. /sbin/iptables -A INPUT -j LOG /sbin/iptables -A FORWARD -j LOG /sbin/ip6tables -A INPUT -j LOG /sbin/ip6tables -A FORWARD -j LOG Any idea how i can get it working? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
