Re: [ossec-list] JD for review: Oracle GL Restructuring Technical Consultant @ Dublin, OH
Hi,

Please stop spamming ossec list.

--
Eero

2015-04-08 0:16 GMT+03:00 saquib ansari :

> *Please have a look on the below requirement and if interested revert me
> back with your updated profile.*
>
> *Role: Oracle GL Restructuring Technical Consultant*
>
> *Location: Dublin, OH*
>
> *Start Date: ASAP*
>
> *Duration: 2+ months*
>
> *Job Description*
>
> ERP Fins/EBS Core Financials/Technical/GL Restructuring
>
> • Client is looking for technical resource that can help them with
> EBS data changes due to a restructuring project.
>
> • The desired experience for this work is someone who has done
> divestiture projects/GL restructuring. The need is to have someone start
> on-site in Dublin, Ohio ASAP and have them on site for approximately 2
> months.
>
> Please see below for a list of modules that the resource should be
> familiar with:
>
> Fixed assets
> Payables
> Projects
> General Ledger
> AL
> Purchasing
> Property Manager
>
> *Saquib Ansari*
> *IT Recruiter* |
> *Technology Resource Group Inc.* 3736 Hills-dale Court Santa Clara, CA
> 95051
> Office: 408-709-1760. EXT: 848. Fax: 408-884-2409
> saq...@tresourceinc.com | www.tresourceinc.com

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[ossec-list] JD for review: Oracle GL Restructuring Technical Consultant @ Dublin, OH
*Please have a look on the below requirement and if interested revert me back with your updated profile.*

*Role: Oracle GL Restructuring Technical Consultant*

*Location: Dublin, OH*

*Start Date: ASAP*

*Duration: 2+ months*

*Job Description*

ERP Fins/EBS Core Financials/Technical/GL Restructuring

• Client is looking for technical resource that can help them with EBS data changes due to a restructuring project.

• The desired experience for this work is someone who has done divestiture projects/GL restructuring. The need is to have someone start on-site in Dublin, Ohio ASAP and have them on site for approximately 2 months.

Please see below for a list of modules that the resource should be familiar with:

Fixed assets
Payables
Projects
General Ledger
AL
Purchasing
Property Manager

*Saquib Ansari*
*IT Recruiter* |
*Technology Resource Group Inc.* 3736 Hills-dale Court Santa Clara, CA 95051
Office: 408-709-1760. EXT: 848. Fax: 408-884-2409
saq...@tresourceinc.com | www.tresourceinc.com
[ossec-list] Re: Custom decoder issue
I have tested with the *program_name* tag added instead of prematch, and it worked. But with *prematch* it is not working.

Can you please test with me? I don't know why it is not working for me!

    <decoder name="fakeinc_custom">
      <prematch>^Fakeinc:</prematch>
    </decoder>

and my custom log is:

    Mar 26 10:56:36 small-VirtualBox small: Fakeinc: service for: toto@10.0.0.2 Failed

Thanks
Re: [ossec-list] ERROR: Invalid ID for the source ip: 'x.x.x.x'
Is source address incorrect? IPsec connections, firewalls with NAT rules can cause this kind of issues. Try dumping ossec traffic from manager and check that ip source is correct?

Eero

On 7.4.2015 at 11.36 PM, "Sinisha Erceg" wrote:

> Thanks Eero for your quick reply. I am aware of this and we only use
> either a direct IP address or a subnet range. Would this still occur using
> a subnet? We explicitly do not use ANY. I may have tested this on a box a
> while back but it's nothing that is currently being used for any of our
> monitored hosts.
>
> *Sinisha Erceg* IT Security Analyst
[ossec-list] ERROR: Invalid ID for the source ip: 'x.x.x.x'
Thanks Eero for your quick reply. I am aware of this and we only use either a direct IP address or a subnet range. Would this still occur using a subnet? We explicitly do not use ANY. I may have tested this on a box a while back but it's nothing that is currently being used for any of our monitored hosts.

Sinisha Erceg
IT Security Analyst
Re: [ossec-list] ERROR: Invalid ID for the source ip: 'x.x.x.x'
2015-04-07 21:55 GMT+03:00 Sinisha Erceg :

> Hello,
>
> I apologize in advance for lack of understanding and I've attempted to
> look through the forums but I have inherited OSSEC from a predecessor and I
> have limited *nix experience. I've managed to fix some items but some are
> still very bewildering.
>
> I'll start with the error: ERROR: Invalid ID for the source ip: 'x.x.x.x'
> and the IP addresses they list are nowhere in our agent listing. I'm
> having issues even trying to discover the host that this error is
> indicating but there are a whole bunch of these for IP addresses that we
> have not installed OSSEC on.
>
> Where can I start to look? Again, without going into this too much more,
> I have attempted to search the forums and can find information generally on
> this error if the IP is valid but I'm stumped on the fact that it's giving
> me this error knowing that those IPs have never been added to the server.
>
> Any assistance would be greatly appreciated.

Hi,

Agent key contains ip address of agent, if ANY is not used instead of ip address.

Check the documentation about agents:
http://ossec-docs.readthedocs.org/en/latest/manual/agent/agent-management.html

--
Eero
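An added example, not part of the original thread or of OSSEC itself: one way to start answering "where can I start to look" is to count the rejected source addresses and check each against the address field of the manager's agent keys. The `client.keys` layout (`id name ip-or-cidr-or-any key`), the log lines and all addresses below are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data, not taken from the thread.
# Assumed client.keys layout: "<id> <name> <ip | cidr | any> <key>"
SAMPLE_KEYS = """\
001 web01 192.0.2.10 constructed-key-material
002 dmz-range 198.51.100.0/24 constructed-key-material
003 roaming any constructed-key-material
"""
SAMPLE_LOG = """\
2015/04/07 13:15:46 ossec-remoted(1408): ERROR: Invalid ID for the source ip: '198.51.100.23'.
2015/04/07 13:15:52 ossec-remoted(1408): ERROR: Invalid ID for the source ip: '10.20.30.40'.
2015/04/07 13:16:01 ossec-remoted(1408): ERROR: Invalid ID for the source ip: '198.51.100.23'.
2015/04/07 13:16:09 ossec-remoted(1408): ERROR: Invalid ID for the source ip: 'x.x.x.x'.
2015/04/07 13:16:10 ossec-analysisd: INFO: unrelated line
"""

ERROR_RE = re.compile(r"Invalid ID for the source ip: '([^']+)'")


def load_key_entries(keys_text):
    """Return (agent_id, name, network) tuples; network is None for 'any'."""
    entries = []
    for line in keys_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        agent_id, name, addr = parts[:3]
        try:
            net = None if addr.lower() == "any" else ipaddress.ip_network(addr, strict=False)
        except ValueError:
            continue  # address field is not an IP, CIDR or 'any'
        entries.append((agent_id, name, net))
    return entries


def summarize(log_text, keys_text):
    """Map each rejected source IP to (error count, key entries that cover it)."""
    entries = load_key_entries(keys_text)
    report = {}
    for src, count in Counter(ERROR_RE.findall(log_text)).items():
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            report[src] = (count, [])  # masked or malformed address in the log
            continue
        covering = [f"{aid} {name}" for aid, name, net in entries
                    if net is not None and ip in net]
        report[src] = (count, covering)
    return report


if __name__ == "__main__":
    for src, (count, covering) in sorted(summarize(SAMPLE_LOG, SAMPLE_KEYS).items()):
        status = ", ".join(covering) if covering else "no client.keys entry covers this address"
        print(f"{src:>15}  x{count}  {status}")
```

On a real manager the two strings would be read from the agent key file and `ossec.log` (assumed default locations under `/var/ossec`). An address that no key entry covers is a host that was never registered or one whose source address is being rewritten in transit.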
[ossec-list] ERROR: Invalid ID for the source ip: 'x.x.x.x'
Hello,

I apologize in advance for lack of understanding and I've attempted to look through the forums but I have inherited OSSEC from a predecessor and I have limited *nix experience. I've managed to fix some items but some are still very bewildering.

I'll start with the error: ERROR: Invalid ID for the source ip: 'x.x.x.x' and the IP addresses they list are nowhere in our agent listing. I'm having issues even trying to discover the host that this error is indicating but there are a whole bunch of these for IP addresses that we have not installed OSSEC on.

Where can I start to look? Again, without going into this too much more, I have attempted to search the forums and can find information generally on this error if the IP is valid but I'm stumped on the fact that it's giving me this error knowing that those IPs have never been added to the server.

Any assistance would be greatly appreciated.

Sinisha Erceg
IT Security Analyst
[ossec-list] Fwd: Urgent requirement :: Systems Analyst with NASCO and Mainframe experience @Detroit, MI
Hey there,

Greetings for the day. Please have a look on below requirement and if interested, revert me back with your updated profile.

*Job Title:* Systems Analyst
*Location:* Detroit, MI
*Duration:* 1+ year with the possibility of extension.

*Engagement Description:*

Responsible for planning, developing, testing and implementing IT system solutions that improve business efficiency and productivity as well as support business strategies and goals. They identify and communicate business needs and translate business requirements into technical system and functional specifications. Systems Analysts determine if internal or external solutions exist or whether new solutions are feasible. They map process flows and must determine if these solutions impact existing work processes and systems as well as ensure proper integration, testing, and system/user documentation. They are also responsible for providing input surrounding buy vs. build decisions for possible IT system solutions.

*Job Responsibilities:*

• Work on Compass customer servicing desktop production support activities
• Assist in the transition from the Compass project to base production support
• Identify, analyze, and resolve small to complex issues
• Use analytical skills while working on small to medium size projects
• Define and document business and system requirements
• Develop testing artifacts such as test cases, test data, and test status
• Execute test cases, document results, and record defects in ClearQuest

*Top Three Technical Skills/Experience: (Please include the # of years)*

1. Extremely strong analytical skills (7 years minimum experience).
2. Ability to quickly identify issue root cause and formulate a correction action plan (7 years minimum experience).
3. Experience supporting business partners, vendor partners, and other IT areas in a production application environment (5 years minimum experience).

*Required Skills/Experience:*

• At least 7 years' experience as a Senior Systems Analyst.
• Ability to work on business and technical solutions.

*Preferred Skills/Experience:*

• Developing and supporting solutions in the NASCO environment, with a focus on customer servicing desktop systems.
• Health care experience.
• System integration and user acceptance testing
• Working knowledge of IBM 3270 TSO environment
• Working knowledge of mainframe JCL, NDM and FTP

*Educational Requirements:*

• Bachelor's degree in related field preferred.

*Saquib Ansari*
*IT Recruiter* |
*Technology Resource Group Inc.* 3736 Hills-dale Court Santa Clara, CA 95051
Office: 408-709-1760. EXT: 848. Fax: 408-884-2409
saq...@tresourceinc.com | www.tresourceinc.com
[ossec-list] use_fqdn
Hi,

I'm running ossec-hids 2.8.1 on CentOS and when trying to use the use_fqdn setting for the syslog_output properties I get the following in the ossec logs and the service fails to start:

ossec.log

    2015/04/07 13:15:46 ossec-config(1230): ERROR: Invalid element in the configuration: 'use_fqdn'.
    2015/04/07 13:15:46 ossec-config(1202): ERROR: Configuration error at '/var/ossec/etc/ossec.conf'. Exiting.

ossec.conf section

    127.0.0.1 7 yes

The documentation seems to imply that the feature is available on 2.8.1 (http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.syslog_output.html) but GitHub tells us otherwise.

Can someone confirm if the documentation is accurate or not and what my options are to stop ossec from truncating the hostname when generating syslog messages?

Thanks in advance,
Daniel
Re: [ossec-list] Ossec
On Apr 6, 2015 5:57 PM, "pmartin2b" wrote:
>
> hummm
> what is fips ?
> it seems to be linked with openssl
> how to deactivate ?
>

It's a US government standard, often applied to openssl. I don't know how to get rid of the message, I've never used the fips support.

>
> On Monday, April 6, 2015 at 23:26:34 UTC+2, dan (ddpbsd) wrote:
>>
>> On Apr 6, 2015 4:58 PM, "pmartin2b" wrote:
>> >
>> > hello
>> >
>> > I installed Ossec on a debian server with very classical configuration.
>> > since few days I received many email like this one
>> >
>> > OSSEC HIDS Notification.
>> > 2015 Apr 06 18:46:31
>> >
>> > Received From: sd-32709->/var/log/syslog
>> > Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
>> > Portion of the log(s):
>> >
>> > Apr 6 18:46:29 sd-32709 rngd[28258]: stats: FIPS 140-2 failures: 5
>> >
>> > --END OF NOTIFICATION
>> >
>> > I reinstalled Ossec but same problem
>> > if someone can help me
>> > thk
>> >
>>
>> Rngd is having a fips 140-2 failure. I'm guessing installing fips support was the first error.
Re: [ossec-list] Wheezy/x86 : installation does not creates startup script
Yesss, great!
I have just tested: it works!

There was a side effect of another "bug" (by my fault): on my VMs, /tmp is mounted with noexec attribute. When I try to reinstall with your command line, I've seen the execution of /tmp/ossec-hids.config.220781, so, with a proper remount, the problem is solved.

Thank you very much!

Franck-Sébastien.

On Tuesday, April 7, 2015 at 05:31:43 UTC+2, Santiago Bassett wrote:
>
> Hi Franck,
>
> did you have the opportunity to test the solution I sent, I really would
> appreciate your feedback. Thanks!
>
> Santiago.
>
> On Fri, Apr 3, 2015 at 11:29 PM, Santiago Bassett wrote:
>
>> Hi Franck,
>>
>> I've been working on it, and it looks like this is an issue that occurs
>> when you remove the package and then install it again. Did you have any
>> previous version of ossec-hids installed or tried to install it multiple
>> times?
>>
>> Please try running this command:
>>
>> sudo apt-get -o Dpkg::Options::="--force-confmiss" install --reinstall ossec-hids
>>
>> Let me know if that fixes the issue. On my side, I'll see if there is a
>> way to avoid this by modifying the package.
>>
>> Best,
>>
>> Santiago.
>>
>> On Thu, Apr 2, 2015 at 10:34 AM, Santiago Bassett wrote:
>>
>>> Ok, I actually had some work urgencies yesterday and couldn't
>>> troubleshoot the issue. Will be back to you soon with an update.
>>>
>>> Best
>>>
>>> On Thu, Apr 2, 2015 at 6:14 AM, wrote:
>>>
>>>> Thanks Santiago!
>>>>
>>>> I'm working on 32 bits virtual machines, and have installed both
>>>> ossec-hids and ossec-hids-agent (it's for clients) version
>>>> 2.8.1-1wheezy_i386
>>>>
>>>> (sorry I haven't seen your answer yesterday)
[ossec-list] Re: OSSEC HIDS 2.8.1 Installtion issue on HPUX
That would be either the braindead default C compiler, which you cannot use to build anything more complicated than the kernel, or the (expensive) HP C-ANSI-C compiler, in which case you are missing a lot of flags: what if you add -z +Z -Ae -AC99?

On Tuesday, April 7, 2015 at 06:53:50 UTC+2, sudhir ojha wrote:
>
> Hi,
> I am getting some error while installing ossec hids 2.8.1 agent on hpux.
> Can anyone suggest a solution for this issue please?
>
> *** Making os_xml ***
> cc -g -Wall -I../ -I../headers -DDEFAULTDIR=\"/var/ossec\"
> -DCLIENT -DUSE_OPENSSL -DHPUX -D_XOPEN_SOURCE_EXTENDED -DHIGHFIRST
> -D_REENTRANT -DARGV0=\"os_xml\" -DOSSECHIDS -c *.c
> os_xml.c:
> cc: "os_xml.h", line 51: error 1000: Unexpected symbol: ")".
> cc: panic 2017: Cannot recover from earlier errors, terminating.
> os_xml_access.c:
> cc: "os_xml.h", line 51: error 1000: Unexpected symbol: ")".
> cc: panic 2017: Cannot recover from earlier errors, terminating.
> os_xml_node_access.c:
> cc: "os_xml.h", line 51: error 1000: Unexpected symbol: ")".
> cc: panic 2017: Cannot recover from earlier errors, terminating.
> os_xml_variables.c:
> cc: "os_xml.h", line 51: error 1000: Unexpected symbol: ")".
> cc: panic 2017: Cannot recover from earlier errors, terminating.
> os_xml_writer.c:
> cc: "os_xml.h", line 51: error 1000: Unexpected symbol: ")".
> cc: panic 2017: Cannot recover from earlier errors, terminating.
> *** Error exit code 5
> Stop.
> Error Making os_xml
> *** Error exit code 1
> Stop.
> Error 0x5.
> Building error. Unable to finish the installation.
[ossec-list] any way to disable netstat syscheckd on OSSEC Server for alle Clients?
Hello Together,

is there any way to disable the netstat syscheck component for all Clients? This check produces a lot of false positives in our environment.

best regards
philipp