On Fri, Jan 16, 2015 at 8:21 AM, Yaniv Ron <[email protected]> wrote:
> Awesome!
> So should I dl the binary of 2.8.1, set the ports and then run make?
>
You'll have to download the source, modify it, compile it, and install the
resulting binaries. I'd recommend a lot of testing before pushing it out
too, like I said I didn't look into any side effects.
>
> On Friday, January 16, 2015, dan (ddp) <[email protected]> wrote:
>>
>> On Fri, Jan 16, 2015 at 3:22 AM, Yaniv Ron <[email protected]> wrote:
>> > Thanks, I have researched about what you have suggested and if I
>> > understand correctly the configuration characteristics suggests not
>> > to use the OS reserved source ports (see configuration
>> > characteristics section):
>> > http://en.m.wikipedia.org/wiki/Ephemeral_port
>> >
>> > I have instructed our programmers to fix that on our code and also
>> > develop a verification mechanism that will prevent overlaps.
>> >
>> > I wish we would know where in the ossec code I could at least define
>> > the source port as well so I could tune it for not to overlap as well.
>> >
>> > Do you think that someone from the community will be able to help
>> > find that source port configuration in the code? (If that of course
>> > makes sense?)
>> >
>> > Thanks for the help guys!
>> >
>>
>> I spent 5 minutes to look into it yesterday, and I think the relevant
>> code would be in
>> https://github.com/ossec/ossec-hids/blob/master/src/os_net/os_net.c
>>
>> I did not look into how hard it would be to add this feature, or what
>> other implications it would have.
>>
>> >
>> > On Thursday, January 15, 2015, Wouter Clarie <[email protected]> wrote:
>> >>
>> >> (Assuming you're on Linux)
>> >>
>> >> Are you familiar with the following sysctl settings?
>> >>
>> >> net.ipv4.ip_local_port_range
>> >> net.ipv4.ip_local_reserved_ports
>> >>
>> >> Wouter
>> >>
>> >> On 15 Jan 2015, at 06:25, Yaniv Ron <[email protected]> wrote:
>> >>
>> >> see when you are running OSSEC on a SIP server for example that has
>> >> lots of calls - obviously lots of these sockets will be used (every
>> >> call uses local ports).
>> >> Since we have lots of servers already up and running I do not want
>> >> to change the settings of the SIP on them.
>> >>
>> >> But I would like however to install the agents, only with the
>> >> ability to define the scope of source ports so they won't
>> >> interfere....
>> >>
>> >>
>> >> On Thu, Jan 15, 2015 at 7:18 AM, Yaniv Ron <[email protected]> wrote:
>> >>>
>> >>> I have my application that listens on these ports on some of my
>> >>> servers...:/ it's causing our application lots of problems...
>> >>>
>> >>> On Wed, Jan 14, 2015 at 9:51 PM, David Lang <[email protected]> wrote:
>> >>>>
>> >>>> On Wed, 14 Jan 2015, Yaniv Ron wrote:
>> >>>>
>> >>>>> I am using 30000-60000 (source ports) on my servers, how can I
>> >>>>> change the source port that the agent is using?
>> >>>>
>> >>>>
>> >>>> Why are you wanting to change the source port?
>> >>>>
>> >>>> "well known ports" are destination ports, not source ports. Your
>> >>>> browser talks to a website on port 80, but it talks _from_ a
>> >>>> random high port.
>> >>>>
>> >>>> This is the normal way that all software works.
>> >>>>
>> >>>> David Lang
>> >>>>
>> >>>>> On Wed, Jan 14, 2015 at 4:53 PM, dan (ddp) <[email protected]> wrote:
>> >>>>>
>> >>>>>> On Wed, Jan 14, 2015 at 3:32 AM, Yaniv Ron <[email protected]> wrote:
>> >>>>>>>
>> >>>>>>> Hi,
>> >>>>>>> I found that one of the agents was using a very strange UDP port:
>> >>>>>>>
>> >>>>>>> ossec-age 7055 ossec 7u IPv4 437537314 0t0 UDP 10.10.10.10:56594->ossec1
>> >>>>>>>
>> >>>>>>
>> >>>>>> 10.10.10.10 is the agent and ossec1 is the manager? If so, then
>> >>>>>> 56594 is the source port chosen at random.
>> >>>>>>
>> >>>>>>> This server (as well as the rest of my agents) is behind a NAT.
>> >>>>>>> I tried to find information about ALL the ports that OSSEC
>> >>>>>>> agents use and I didn't find any reasonable information for
>> >>>>>>> that.
>> >>>>>>>
>> >>>>>>> I would like to disable my ossec-agents to use these unknown
>> >>>>>>> ports - can you please advise about the following:
>> >>>>>>>
>> >>>>>>> 1) why was this port in use? what is it?
>> >>>>>>> 2) how can I disable it
>> >>>>>>>
>> >>>>>>> Thanks,
>> >>
>> >>
>> >> --
>> >>
>> >> ---
>> >> You received this message because you are subscribed to the Google
>> >> Groups "ossec-list" group.
>> >> To unsubscribe from this group and stop receiving emails from it,
>> >> send an email to [email protected].
>> >> For more options, visit https://groups.google.com/d/optout.
>> >
>> >
>> >
>> > --
>> > Yaniv Ron
>> > +972-3-7298582
>> > Security Department | Viber S.a.r.l | www.viber.com | [email protected]
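
The source-port change discussed in this thread, as an added example that is not OSSEC code and not from any poster: a UDP client normally gets its source port from the kernel's ephemeral range, and calling bind() on the socket before it is first used pins the port to a chosen range instead. The helper names and the 20000-20099 range are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not an OSSEC function): create a UDP socket whose
 * source port lies in [lo, hi]. Without bind(), the kernel picks the port
 * from net.ipv4.ip_local_port_range when the socket is first used. */
int udp_socket_in_port_range(unsigned lo, unsigned hi)
{
    if (lo == 0 || lo > hi || hi > 65535)
        return -1;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    struct sockaddr_in local;
    memset(&local, 0, sizeof(local));
    local.sin_family = AF_INET;
    local.sin_addr.s_addr = htonl(INADDR_ANY);
    for (unsigned p = lo; p <= hi; p++) {
        local.sin_port = htons((unsigned short)p);
        if (bind(fd, (struct sockaddr *)&local, sizeof(local)) == 0)
            return fd;              /* source port is now fixed */
        if (errno != EADDRINUSE && errno != EACCES)
            break;                  /* unexpected error: give up */
    }                               /* port taken: try the next one */
    close(fd);
    return -1;
}

/* Source port the socket is bound to, or -1 on error. */
int udp_local_port(int fd)
{
    struct sockaddr_in a;
    socklen_t len = sizeof(a);
    if (getsockname(fd, (struct sockaddr *)&a, &len) != 0)
        return -1;
    return ntohs(a.sin_port);
}

int main(void)
{
    /* Constructed range, chosen to sit below the 30000-60000 block. */
    int fd = udp_socket_in_port_range(20000, 20099);
    if (fd < 0) { perror("bind"); return 1; }
    printf("source port: %d\n", udp_local_port(fd));
    close(fd);
    return 0;
}
```

A later connect() or sendto() on the returned descriptor keeps the bound port, so the range also has to be allowed by any firewall or NAT rule between agent and manager.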
