How are you configuring those whitelisted subnets in the config - as a series of individual addresses?

> On May 19, 2016, at 06:42, James Siegel <[email protected]> wrote:
>
> I have a set of subnets that are whitelisted.
> The server and agents were installed quite some time ago and are on 2.81.
>
> The server and the agents have been restarted at various times over the past
> months as part of update/patching processes.
>
> The conf file was not changed during those time periods.
>
> My boss was locked out by active response, after successfully logging in,
> then trying to su up to root, that occurred last Thursday.
>
> The CEO was locked out of a device last night.
>
> In both those instances, the devices they were originating from were part of
> whitelisted subnets.
>
> Somehow, suddenly random occurrences of locking out whitelisted devices?
