AR_MANAGED_CONF= 110.active-response.conf AR_LOCAL_CONF= 510.active-response.local.conf AR_DESC= Active Response # Default commands AR_CMDS_DEFAULT_OPTION= DEFAULT_C AR_CMDS_DEFAULT_DESC= Commands provided by OSSEC AR_CMDS_DEFAULT_DEFINE= server local AR_CMDS_DEFAULT_DEFAULT=server local AR_OPTIONS+= AR_CMDS_DEFAULT # Config merge commands AR_CMDS_MERGE_OPTION= MERGE_C AR_CMDS_MERGE_DESC= Commands to merge configuration files AR_CMDS_MERGE_DEFINE= server local AR_CMDS_MERGE_DEFAULT= server local AR_OPTIONS+= AR_CMDS_MERGE # Config merge active response AR_MERGE_OPTION= MERGE_AR AR_MERGE_DESC= Merge configuration files when they change AR_MERGE_DEFINE= server local AR_MERGE_DEFAULT= server local AR_OPTIONS+= AR_MERGE # OSSEC restart active response AR_RESTART_OPTION= RESTART_AR AR_RESTART_DESC= Restart OSSEC when main configuration files change AR_RESTART_DEFINE= server local AR_RESTART_DEFAULT= server local AR_OPTIONS+= AR_RESTART # Host deny active response AR_HOSTDENY_OPTION= HOSTDENY_AR AR_HOSTDENY_DESC= Block the attacker's IP using access control files AR_HOSTDENY_DEFINE= server local AR_HOSTDENY_DEFAULT= AR_OPTIONS+= AR_HOSTDENY # Firewall drop active response AR_FWDROP_OPTION= FWDROP_AR AR_FWDROP_DESC= Block the attacker's IP on the firewall AR_FWDROP_DEFINE= server local AR_FWDROP_DEFAULT= AR_OPTIONS+= AR_FWDROP