I'm on v.2.8.3 and trying to get active response configured for my OSSEC
server. I get the error "ossec-config(1303): ERROR: Invalid command
'firewall-drop' in the active response" after restart. I checked the
permission for ar.conf, which is chowned root/ossec. I place
"firewall-drop600 - firewall-drop.sh - 600" in ar.conf, however the file is
cleared after OSSEC restarts. Prior to restart,
/var/ossec/bin/agent_control -L shows the valid response options, but after
restart nothing is visible.
Here's my ossec.conf, for which I've tried several options from examples online:

<active-response>
  <disabled>no</disabled>
  <command>firewall-drop</command>
  <location>all</location>
  <rules_id>5712</rules_id>
  <timeout>600</timeout>
</active-response>

Any help appreciated!