Re: [ossec-list] Re: Compile issue : undefined reference ?

2016-12-20 Thread Victor Fernandez
Hi, I did compile OSSEC v2.8.3 on a clean CentOS 7 following these steps:
1. Install MySQL Community repository:
   curl -Lo mysql.rpm http://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm
   yum -y install mysql.rpm
   rm mysql.rpm
2. Download OSSEC v2.8.3 sources:
   yum -y install git

[ossec-list] Re: OSSEC rule to detect new run keys added to the registry

2016-12-20 Thread Janis Zoldners
1) Install Sysmon 5 (Sysinternals)
2) Configure registry monitoring in Sysmon configuration (xml file):
   Software\Microsoft\Windows\CurrentVersion\Run
   Software\Microsoft\Windows\CurrentVersion\RunOnce
3) Configure OSSEC agents to parse Sysmon eventlog:

Re: [ossec-list] Re: ossec run away cat and tr process

2016-12-20 Thread dan (ddp)
On Tue, Dec 20, 2016 at 1:41 PM, dan (ddp) wrote:
> On Tue, Dec 20, 2016 at 1:40 PM, David Breise wrote:
>> [root@turpentine ossec]# cat /etc/*release
>> CentOS release 6.8 (Final)
>> LSB_VERSION=base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:

Re: [ossec-list] Re: Compile issue : undefined reference ?

2016-12-20 Thread dan (ddp)
On Sun, Dec 18, 2016 at 9:36 PM, Mohd Zainal Abidin Mamat wrote:
> I'm getting same error using ver 2.8.3 on centos 7. Still seeking solution.
>
Verify that you have the devel packages installed. I just setup a Centos 7 VM, added the mysql community packages, and installed OSSEC without any error

Re: [ossec-list] Re: ossec run away cat and tr process

2016-12-20 Thread dan (ddp)
On Tue, Dec 20, 2016 at 1:40 PM, David Breise wrote:
> [root@turpentine ossec]# cat /etc/*release
> CentOS release 6.8 (Final)
> LSB_VERSION=base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
> CentOS release

Re: [ossec-list] Re: ossec run away cat and tr process

2016-12-20 Thread David Breise
[root@turpentine ossec]# cat /etc/*release
CentOS release 6.8 (Final)
LSB_VERSION=base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
CentOS release 6.8 (Final)
CentOS release 6.8 (Final)
You have new mail in /v

Re: [ossec-list] Re: ossec run away cat and tr process

2016-12-20 Thread dan (ddp)
On Tue, Dec 20, 2016 at 1:19 PM, David Breise wrote:
> Tested commands manually, no errors returned. This is still a problem for
> us.
>
Which distribution are you using? I'm wondering why mktemp isn't being used (or why it's failing).
> On Wednesday, January 21, 2015 at 9:32:27 AM UTC-8, dan (

Re: [ossec-list] Re: ossec run away cat and tr process

2016-12-20 Thread David Breise
Tested commands manually, no errors returned. This is still a problem for us.
On Wednesday, January 21, 2015 at 9:32:27 AM UTC-8, dan (ddpbsd) wrote:
>
> On Wed, Jan 21, 2015 at 11:11 AM, Gil Vidals
> wrote:
> > Thanks for the quick reply.
> >
> > I do see that mktemp exists and that the te