Re: [ossec-list] Blank /etc/hosts.deny
On Sun, 10 May 2015, fi...@vivaldi.net wrote:
> This was a clean install of 2.8.1 on a fresh Debian 8 server.

Actually you're right - a clean agent install of 2.8.1 would still have the problem with the spaces around the '=' in host-deny.sh, since 2.8.1 actually introduced that problem. And if I'm reading the commit log correctly, the patch to adduser.sh did actually make it into 2.9-beta4. Sorry for the confusion.

Antonio Querubin
e-mail: t...@lavanauts.org
xmpp: antonioqueru...@gmail.com
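As an added illustration (this is not OSSEC's host-deny.sh, nor anything posted in the thread), the script below shows what spaces around '=' do in POSIX sh, and an append routine that cannot wipe an existing hosts.deny-style file. File paths are passed as arguments; the function names and the demo path are assumptions made here.

```shell
#!/bin/sh
# Added example, not OSSEC's own host-deny.sh: a hosts.deny append that
# cannot truncate the file, plus a demo of the "spaces around =" pitfall
# the thread blames for 2.8.1's host-deny.sh. Paths are passed in as
# arguments; no system file is touched unless you pass /etc/hosts.deny.

# Exit 0 if $1 is a dotted-quad IPv4 address with each octet in 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Append "ALL: <ip>" to the file named in $2 (hosts.deny syntax), leaving
# existing lines untouched. Refuses to run on an empty path or a bad IP:
# an empty path variable would turn ">" into a redirect to "" and a wrong
# path would silently clobber some other file.
deny_host() {
    ip=$1
    file=$2
    [ -n "$file" ] || { echo "deny_host: empty file path" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "deny_host: rejecting '$ip'" >&2; return 1; }
    # Idempotent: an entry already present is not added twice.
    grep -qxF "ALL: $ip" "$file" 2>/dev/null && return 0
    # Append with >>, never overwrite with >, so prior content survives.
    printf 'ALL: %s\n' "$ip" >> "$file"
}

# The pitfall: in POSIX sh, "FILE = /path" is not an assignment. It runs a
# command named FILE with two arguments, so $FILE stays empty afterwards.
# Returns 0 when that is observed (the variable is empty).
spaced_assignment_leaves_var_empty() {
    unset FILE
    FILE = /tmp/hosts.deny.demo 2>/dev/null || true
    [ -z "$FILE" ]
}
```

Run it against a scratch copy first; the guard in deny_host is the part worth keeping if you patch a script of your own.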
Re: [ossec-list] Blank /etc/hosts.deny
This was a clean install of 2.8.1 on a fresh Debian 8 server.

--
finid

On 2015-05-10 20:24, Antonio Querubin wrote:
> On Sun, 10 May 2015, Doug Burks wrote:
>> Please see the comments here: http://www.ossec.net/?p=1135
>
> Unfortunately, adduser.sh was also broken in 2.8.1 on certain systems, resulting in various files not being updated as expected on an agent when install.sh is run. I.e. if you installed 2.8.1 over a previous version, your agent may still be using the older binaries and scripts. Unfortunately, the patch for adduser.sh didn't make it to the stable branch in time for the pending 2.9 release. Two workarounds are to do a clean agent install to ensure your host-deny.sh is the most recent, or just install host-deny.sh manually from the source.
>
> Antonio Querubin
> e-mail: t...@lavanauts.org
> xmpp: antonioqueru...@gmail.com

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Blank /etc/hosts.deny
On Sun, 10 May 2015, Doug Burks wrote:
> Please see the comments here: http://www.ossec.net/?p=1135

Unfortunately, adduser.sh was also broken in 2.8.1 on certain systems, resulting in various files not being updated as expected on an agent when install.sh is run. I.e. if you installed 2.8.1 over a previous version, your agent may still be using the older binaries and scripts. Unfortunately, the patch for adduser.sh didn't make it to the stable branch in time for the pending 2.9 release. Two workarounds are to do a clean agent install to ensure your host-deny.sh is the most recent, or just install host-deny.sh manually from the source.

Antonio Querubin
e-mail: t...@lavanauts.org
xmpp: antonioqueru...@gmail.com
Re: [ossec-list] Blank /etc/hosts.deny
Thanks,

--
finid

On 2015-05-10 13:45, Doug Burks wrote:
> Please see the comments here: http://www.ossec.net/?p=1135
>
> On Sunday, May 10, 2015, wrote:
>> Yes, active-response is enabled, but is it designed to delete all the contents of that file? I thought it's supposed to append denied IP addresses to the file...
>>
>> --
>> finid
>>
>> On 2015-05-10 12:08, Eero Volotinen wrote:
>>> Well, did you activate active response? It might modify hosts.deny ..
>>>
>>> On 10.5.2015 7.53 pm, wrote:
>>>> Hi,
>>>>
>>>> Before installing OSSEC on a Debian 8 server, I took a look at the hosts.deny and hosts.allow files and noted that they were not blank. After installing OSSEC, however, the hosts.deny file is blank, not even a comment or # character.
>>>>
>>>> Is that expected, or did something go wrong during installation?
>>>>
>>>> TIA,
>>>>
>>>> --
>>>> finid
>
> --
> Doug Burks
> Need Security Onion Training or Commercial Support?
> http://securityonionsolutions.com
Re: [ossec-list] Blank /etc/hosts.deny
Please see the comments here: http://www.ossec.net/?p=1135

On Sunday, May 10, 2015, wrote:
> Yes, active-response is enabled, but is it designed to delete all the contents of that file? I thought it's supposed to append denied IP addresses to the file...
>
> --
> finid
>
> On 2015-05-10 12:08, Eero Volotinen wrote:
>> Well, did you activate active response? It might modify hosts.deny ..
>>
>> On 10.5.2015 7.53 pm, wrote:
>>> Hi,
>>>
>>> Before installing OSSEC on a Debian 8 server, I took a look at the hosts.deny and hosts.allow files and noted that they were not blank. After installing OSSEC, however, the hosts.deny file is blank, not even a comment or # character.
>>>
>>> Is that expected, or did something go wrong during installation?
>>>
>>> TIA,
>>>
>>> --
>>> finid

--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com
Re: [ossec-list] Blank /etc/hosts.deny
Yes, active-response is enabled, but is it designed to delete all the contents of that file? I thought it's supposed to append denied IP addresses to the file...

--
finid

On 2015-05-10 12:08, Eero Volotinen wrote:
> Well, did you activate active response? It might modify hosts.deny ..
>
> On 10.5.2015 7.53 pm, wrote:
>> Hi,
>>
>> Before installing OSSEC on a Debian 8 server, I took a look at the hosts.deny and hosts.allow files and noted that they were not blank. After installing OSSEC, however, the hosts.deny file is blank, not even a comment or # character.
>>
>> Is that expected, or did something go wrong during installation?
>>
>> TIA,
>>
>> --
>> finid
Re: [ossec-list] Blank /etc/hosts.deny
Well, did you activate active response? It might modify hosts.deny ..

On 10.5.2015 7.53 pm, wrote:
> Hi,
>
> Before installing OSSEC on a Debian 8 server, I took a look at the hosts.deny and hosts.allow files and noted that they were not blank. After installing OSSEC, however, the hosts.deny file is blank, not even a comment or # character.
>
> Is that expected, or did something go wrong during installation?
>
> TIA,
>
> --
> finid
[ossec-list] Active-response to eject USB
I have a script file that ejects USB drives, eject.cmd, with this content:

    $a = Get-WmiObject win32_logicaldisk -filter 'DriveType=2' | ForEach-Object {
        $kt = $_.DeviceID
        $Eject = New-Object -comObject Shell.Application
        $Eject.Namespace(17).ParseName("$kt").InvokeVerb("Eject")
    }

Where can I put this file (on the Windows agent or the CentOS server)?

One more question: I learned from this link: http://ossec-docs.readthedocs.org/en/latest/manual/monitoring/process-monitoring.html
When I plug in the USB drive the first time I get 1 alert, but when I plug it in again I don't get another alert. Why, and how can I get more alerts?
[ossec-list] Blank /etc/hosts.deny
Hi,

Before installing OSSEC on a Debian 8 server, I took a look at the hosts.deny and hosts.allow files and noted that they were not blank. After installing OSSEC, however, the hosts.deny file is blank, not even a comment or # character.

Is that expected, or did something go wrong during installation?

TIA,

--
finid
[ossec-list] Re: Ossec with ZeroMQ + Logstash + ELS + Kibana ( Nginx as a Rproxy ) Installations Write-up
Awesome post

On Tuesday, October 21, 2014 at 1:54:15 AM UTC+5:30, Mehmet Dursun Ince wrote:
> Hi everyone
>
> I was trying to get log transfer from Ossec to Logstash with ZeroMQ working. I've read Vic Hargrave's and other people's blog posts about this. But I thought that trying to parse the ossec log file or syslog messages is not easy, for me at least. I realized that ossec sends already parsed data when the zeromq feature is enabled. But I faced lots of trouble, especially on the logstash side (because of the ffi-rzmq packages), while I was trying to install the services.
>
> In short, I solved the issues, got the whole system working and wrote a very detailed blog post about this. I believe this installation guide can be useful and time saving for people who want to build the same thing.
>
> https://www.mehmetince.net/cyber-threat-monitoring-system-with-ossec-zeromq-logstash-elasticsearch-and-kibana/
>
> Thanks