In case that you want to block all connections, you can create an active
response script to add a specific rule in iptables.
On Wednesday, July 12, 2017 at 1:03:01 PM UTC+2, Jesus Linares wrote:
>
> I think, by default, OSSEC has the active-response for blocking an IP if
> an alert higher than
I think, by default, OSSEC has the active-response for blocking an IP if an
alert higher than 6 is fired. I recommend to disable this setting.
Regards.
On Tuesday, July 11, 2017 at 8:37:21 PM UTC+2, Cristian Lorenzetto wrote:
>
> is there a condition where ossec blocks all incoming