I'm using the latest version of OSSEC (2.8) and yes, active response is enabled.
So currently OSSEC clients are actively blocking attacks, but due to some reason they have also flushed all the iptables rules from memory (like iptables -F).

On Tuesday, June 14, 2016 at 6:24:52 PM UTC+5:30, dan (ddpbsd) wrote:
> On Tue, Jun 14, 2016 at 8:17 AM, Zeal Vora <[email protected]> wrote:
> > Hi
> >
> > We installed OSSEC in our production machines yesterday and today we saw
> > that all the iptables rules in all the machines were flushed. Something
> > similar to iptables -F
> >
> > Any idea on what can cause this? I am aware that OSSEC active-response can
> > add or remove entries from iptables but have never known about flushing
> > entire iptables rules.
> >
> > Any help will be appreciated!
>
> Which version of OSSEC? Is active response enabled?

--
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
