This is a read-only archive. Find the latest Linux articles, documentation, and answers at the new!

active response is completely broken

Posted by: Anonymous Coward on August 09, 2006 05:06 AM
I've tried injecting attacks into my log file, and active response (specifically the firewall script that triggers a block on iptables) doesn't work.

It isn't even attempting to execute the "command", because when I run the script myself it works just fine.

I spent hours fiddling with the xml rule files, injecting various dangerous attacks using echo into my log file. Doesn't even attempt to execute the firewall scripts.


Return to An open source security triple play