We deployed the OSSEC client across all our servers in the evening, and the next morning we found that all iptables rules were flushed. This was on around 50+ machines. The OSSEC client was running. We then had to stop the OSSEC client for investigation and load the iptables rules again.
On Tuesday, June 14, 2016 at 9:30:41 PM UTC+5:30, Antonio Querubin wrote:
> On Tue, 14 Jun 2016, Zeal Vora wrote:
>
> > We installed OSSEC in our production machines yesterday and today we saw
> > that all the iptables rules in all the machines were flushed. Something
> > similar to iptables -F
> >
> > Any idea on what can cause this? I am aware that OSSEC active-response can
> > add or remove entries from iptables but have never known about flushing
> > entire iptables rules.
> >
> > Any help will be appreciated!
>
> Normally, if an ossec client is stopped, it will remove all active
> response entries added to the firewall rules and /etc/hosts.deny from the
> time ossec was started before exiting. Is this what you're seeing or are
> the entire iptables rules completely gone?
>
> Antonio Querubin
> e-mail: [email protected]
> xmpp: [email protected]
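
Added example, not part of the original thread and not OSSEC code: one way to answer the question above from saved `iptables-save` dumps, telling "only per-IP block entries are gone" apart from "the whole ruleset is gone". The sample dumps are constructed, the function names are hypothetical, and the pattern for what an active-response entry looks like (a bare per-source DROP in INPUT or FORWARD) is an assumption to adjust to your own active-response script.

```python
import re

# Constructed samples of `iptables-save` output (not taken from the thread).
BASELINE = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.7/32 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -s 203.0.113.7/32 -j DROP
COMMIT
"""
# Same host after only the per-IP blocks were removed.
AFTER_CLEANUP = BASELINE.replace("-A INPUT -s 203.0.113.7/32 -j DROP\n", "").replace(
    "-A FORWARD -s 203.0.113.7/32 -j DROP\n", "")
# Same host after every rule disappeared (chain policies survive a flush).
AFTER_FLUSH = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

# Assumption: an active-response block is a bare per-source DROP in INPUT or FORWARD.
AR_RULE = re.compile(r"^-A (INPUT|FORWARD) -s \S+ -j DROP$")

def rules(dump):
    """Return the set of rule lines (-A ...) in an iptables-save dump."""
    return {line.strip() for line in dump.splitlines() if line.startswith("-A ")}

def classify(baseline, current):
    """Compare two dumps; return (verdict, sorted list of rules that went missing)."""
    before, after = rules(baseline), rules(current)
    missing = sorted(before - after)
    if not missing:
        verdict = "unchanged"
    elif not after:
        verdict = "flushed"                  # nothing left at all
    elif all(AR_RULE.match(r) for r in missing):
        verdict = "active-response-cleanup"  # only per-IP blocks are gone
    else:
        verdict = "partial-loss"             # site rules missing, but not a full flush
    return verdict, missing

if __name__ == "__main__":
    for name, dump in (("cleanup", AFTER_CLEANUP), ("flush", AFTER_FLUSH)):
        print(name, *classify(BASELINE, dump))
```

Keeping a baseline dump per host from before the agent rollout is what makes this comparison possible after the fact.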
