On Tue, Jan 13, 2015 at 9:26 AM, Yaniv Ron <y...@viber.com> wrote: > :). > > btw, change it to python or perl my friend since (I think) that sort piped > to netstat running on a machine with lots of open sockets causes the CPU to > be on 100%. > system.calls are much better on these guys (perl/python) then on bash.... > >
Bourne shell is typically more portable. > > On Tue, Jan 13, 2015 at 4:23 PM, dan (ddp) <ddp...@gmail.com> wrote: >> >> On Tue, Jan 13, 2015 at 9:22 AM, Yaniv Ron <y...@viber.com> wrote: >> > found it : >> > echo " <command>netstat -tan |grep LISTEN |grep -v 127.0.0.1 | >> > sort</command>" >> $NEWCONFIG >> > inside install.sh >> > >> > thanks man ! >> > >> >> And that took you less time than it took me to git clone a fresh copy. >> >> > >> > On Tue, Jan 13, 2015 at 6:17 AM, Yaniv Ron <y...@viber.com> wrote: >> >> >> >> Thanks, >> >> but I cannot find the file in the whole directory, however I did saw it >> >> after compilation. >> >> can you help me locate what creates ossec.mc ? (maybe I can remove it >> >> from >> >> there) >> >> >> >> On Tue, Jan 13, 2015 at 5:01 AM, dan (ddp) <ddp...@gmail.com> wrote: >> >>> >> >>> On Tue, Jan 13, 2015 at 7:58 AM, Yaniv Ron <y...@viber.com> wrote: >> >>> > Thanks, >> >>> > but is there a more reasonable way to do it on 1 package and then >> >>> > deploy it >> >>> > ? >> >>> > and if so...how ? (I tried compiling an RPM and set "n" for root >> >>> > check >> >>> > on >> >>> > /ossec-hids-2.8.1/etc/preloaded-vars.conf but it doesn't work). >> >>> > >> >>> > # If USER_ENABLE_ROOTCHECK is set to "y", >> >>> > # rootcheck will be enabled. Set to "n" to >> >>> > # disable it. >> >>> > USER_ENABLE_ROOTCHECK="n" >> >>> > >> >>> >> >>> Sure, modify src/etc/ossec.mc (I think) to remove that entry. >> >>> >> >>> > >> >>> > >> >>> > On Tue, Jan 13, 2015 at 4:50 AM, dan (ddp) <ddp...@gmail.com> wrote: >> >>> >> >> >>> >> On Tue, Jan 13, 2015 at 7:44 AM, Yaniv Ron <y...@viber.com> wrote: >> >>> >> > Hi All, >> >>> >> > >> >>> >> > I would like to disable the agents from running the command >> >>> >> > netstat >> >>> >> > , >> >>> >> > how >> >>> >> > can I do it ? >> >>> >> > (I tried reading the document on OSSEC site but unfortunately I >> >>> >> > couldn't >> >>> >> > find anything) >> >>> >> >> >>> >> Remove the appropriate <localfile> entry in the agent's ossec.conf. >> >>> >> >> >>> >> > -- >> >>> >> > Yaniv Ron >> >>> >> > +972-3-7298582 >> >>> >> > Security Department | Viber S.a.r.l | www.viber.com | >> >>> >> > y...@viber.com >> >>> >> > >> >>> >> > -- >> >>> >> > >> >>> >> > --- >> >>> >> > You received this message because you are subscribed to the >> >>> >> > Google >> >>> >> > Groups >> >>> >> > "ossec-list" group. >> >>> >> > To unsubscribe from this group and stop receiving emails from it, >> >>> >> > send >> >>> >> > an >> >>> >> > email to ossec-list+unsubscr...@googlegroups.com. >> >>> >> > For more options, visit https://groups.google.com/d/optout. >> >>> >> >> >>> >> -- >> >>> >> >> >>> >> --- >> >>> >> You received this message because you are subscribed to the Google >> >>> >> Groups >> >>> >> "ossec-list" group. >> >>> >> To unsubscribe from this group and stop receiving emails from it, >> >>> >> send >> >>> >> an >> >>> >> email to ossec-list+unsubscr...@googlegroups.com. >> >>> >> For more options, visit https://groups.google.com/d/optout. >> >>> > >> >>> > >> >>> > >> >>> > >> >>> > -- >> >>> > Yaniv Ron >> >>> > +972-3-7298582 >> >>> > Security Department | Viber S.a.r.l | www.viber.com | >> >>> > y...@viber.com >> >>> > >> >>> > -- >> >>> > >> >>> > --- >> >>> > You received this message because you are subscribed to the Google >> >>> > Groups >> >>> > "ossec-list" group. >> >>> > To unsubscribe from this group and stop receiving emails from it, >> >>> > send >> >>> > an >> >>> > email to ossec-list+unsubscr...@googlegroups.com. >> >>> > For more options, visit https://groups.google.com/d/optout. >> >>> >> >>> -- >> >>> >> >>> --- >> >>> You received this message because you are subscribed to the Google >> >>> Groups >> >>> "ossec-list" group. >> >>> To unsubscribe from this group and stop receiving emails from it, send >> >>> an >> >>> email to ossec-list+unsubscr...@googlegroups.com. >> >>> For more options, visit https://groups.google.com/d/optout. >> >> >> >> >> >> >> >> >> >> -- >> >> Yaniv Ron >> >> +972-3-7298582 >> >> Security Department | Viber S.a.r.l | www.viber.com | y...@viber.com >> > >> > >> > >> > >> > -- >> > Yaniv Ron >> > +972-3-7298582 >> > Security Department | Viber S.a.r.l | www.viber.com | y...@viber.com >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to ossec-list+unsubscr...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ossec-list+unsubscr...@googlegroups.com. >> For more options, visit https://groups.google.com/d/optout. > > > > > -- > Yaniv Ron > +972-3-7298582 > Security Department | Viber S.a.r.l | www.viber.com | y...@viber.com > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
