This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new Linux.com!

Linux.com

active response is completely broken

Posted by: Anonymous Coward on August 09, 2006 05:06 AM
I've tried injecting attacks into my log file, and active response (specifically the firewall script that triggers a block on iptables) doesn't work.

It isn't even attempting to execute the "command", because when I run the script myself it works just fine.

I spent hours fiddling with the xml rule files, injecting various dangerous attacks using echo into my log file. Doesn't even attempt to execute the firewall scripts.

#

Return to An open source security triple play