Open adamgyongyosi opened 6 years ago
Is ossec-execd running on the agent? Does firewall-drop.sh exist? Does it work if you run it locally?
Yes, it works locally.
Is ossec-execd running on the agent?
It does not look like execd is running. Is it disabled in the ossec.conf?
agent ossec.conf: https://pastebin.com/n8QFJgWH server ossec.conf: https://pastebin.com/2fzpEizF
Try adding this to the agent's ossec.conf and restarting the processes:
<active-response>
<disabled>no</disabled>
</active-response>
Hello
I would need a command prompt because I would like to forbid the agent's IP addresses from the ossec server manually.
try
/var/ossec/bin/agent_control -b 84.1.195.241 -f firewall-drop -u 001
response
OSSEC HIDS agent_control: Running active response 'firewall-drop' on: 001
list and try agent
[root@monitoring ~]# /var/ossec/bin/agent_control -L
OSSEC HIDS agent_control. Available active responses:
Response name: firewall-drop600, command: firewall-drop.sh
[root@monitoring ~]# /var/ossec/bin/agent_control -b 84.1.195.241 -f firewall-drop600 -u 001
OSSEC HIDS agent_control: Running active response 'firewall-drop600' on: 001
not working
I'm sorry for the wrong English
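The agent-side checks asked about in this thread (is ossec-execd running, does firewall-drop.sh exist and is it executable, is active response disabled in the agent's ossec.conf), collected into one script. This is an added example, not part of the original thread and not OSSEC's own code. It assumes the default install layout under /var/ossec with response scripts in active-response/bin, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: agent-side preflight for OSSEC active response.
# Assumes the default layout: <dir>/etc/ossec.conf and <dir>/active-response/bin/.
# Function names are hypothetical, not part of OSSEC.

# True if ossec-execd (the daemon that runs active-response scripts) is alive.
execd_running() {
    pgrep -x ossec-execd >/dev/null 2>&1
}

# True if the response script exists and is executable.
ar_script_ok() {
    ar_script="$1/active-response/bin/$2"
    [ -f "$ar_script" ] && [ -x "$ar_script" ]
}

# True if an <active-response> block contains <disabled>yes</disabled>.
# <disabled> inside other sections (rootcheck, syscheck) is ignored.
# Line-based: XML comments are not stripped.
ar_disabled_in_conf() {
    awk '
        /<active-response>/   { in_ar = 1 }
        in_ar && /<disabled>[ \t]*yes[ \t]*<\/disabled>/ { found = 1 }
        /<\/active-response>/ { in_ar = 0 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Run all three checks; returns non-zero if any of them fails.
ar_preflight() {
    pf_dir="${1:-/var/ossec}"; pf_rc=0
    if execd_running; then echo "OK   ossec-execd is running"
    else echo "FAIL ossec-execd is not running"; pf_rc=1; fi
    if ar_script_ok "$pf_dir" firewall-drop.sh; then echo "OK   firewall-drop.sh is executable"
    else echo "FAIL firewall-drop.sh missing or not executable"; pf_rc=1; fi
    if [ ! -r "$pf_dir/etc/ossec.conf" ]; then
        echo "FAIL cannot read $pf_dir/etc/ossec.conf"; pf_rc=1
    elif ar_disabled_in_conf "$pf_dir/etc/ossec.conf"; then
        echo "FAIL active response is disabled in ossec.conf"; pf_rc=1
    else echo "OK   active response is not disabled in ossec.conf"; fi
    return "$pf_rc"
}

# Run only when an install directory is passed, e.g.: sh ar_preflight.sh /var/ossec
if [ "$#" -gt 0 ]; then ar_preflight "$1"; fi
```

Run it on the agent, not on the server: agent_control on the server reports "Running active response" as soon as the request is sent, whether or not the agent acts on it.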