Re: [ossec-list] Protect Ossec from being uninstalled

2017-06-05 Thread Polkan Garcia
Hi,

I'm not sure, after searching on Google, you have interesting articles with many 
options, for example:

http://windowsreport.com/protect-files-deletion-windows-10/ 

Please, try and share with us your findings.

Best regards,

—PG

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [ossec-list] Protect Ossec from being uninstalled

2017-06-05 Thread Ali Khalfan
Excellent.  And on Windows?

On Sunday, June 4, 2017 at 11:56:41 PM UTC+3, PG@Wazuh wrote:
>
> Hi.
>
> In Linux clients, you can try chattr. Using attributes, you can set the 
> unchangeable flag on binaries and the append-only flag on configuration files 
> (for example client.keys). 
>
> $ man chattr
>
> Using a script, you can easily do it in batch.
>
> Regards.
>
> —PG
>

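The batch approach suggested in the quoted reply (immutable flag on binaries, append-only flag on client.keys), as an added example that is not part of the original thread. It assumes the default /var/ossec install root with binaries under bin/ and keys in etc/client.keys; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: plan and apply chattr flags for an OSSEC agent install.
# Assumption: install root is /var/ossec unless OSSEC_ROOT is set.
OSSEC_ROOT="${OSSEC_ROOT:-/var/ossec}"

# Print one "chattr <flag> <path>" line per file to protect (dry run).
ossec_chattr_plan() {
    root="$1"
    # Immutable (+i) for every regular file under bin/
    if [ -d "$root/bin" ]; then
        find "$root/bin" -type f | sort | while IFS= read -r f; do
            printf 'chattr +i %s\n' "$f"
        done
    fi
    # Append-only (+a) for the agent key file
    if [ -f "$root/etc/client.keys" ]; then
        printf 'chattr +a %s\n' "$root/etc/client.keys"
    fi
}

# Apply the plan, then show the resulting attributes with lsattr.
# Needs root and a filesystem that supports these attributes.
ossec_chattr_apply() {
    ossec_chattr_plan "$1" | while read -r _cmd flag path; do
        if chattr "$flag" "$path"; then
            lsattr "$path"
        else
            echo "failed to set $flag on $path" >&2
        fi
    done
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    ossec_chattr_apply "$OSSEC_ROOT"
fi
```

Clear the flags (`chattr -i`, `chattr -a`) before upgrading the agent. A user with root can do the same, so the flags raise the bar for removal rather than make it impossible.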


[ossec-list] How to know when syscheck agent finishes a scan?

2017-06-05 Thread John Kondur
I just started to use ossec, and was doing some testing by making some 
changes in a file in a directory, and then I run from the server:

/var/ossec/bin/agent_control -r -a

If I do a query on the agent:

/var/ossec/bin/agent_control -i 1027

It will show last time it started but never shows when it completes?  Is 
there a process or way to check to see if it completed or am I not waiting 
long enough?  So far I am not seeing ossec pick up that the file changes.

Thanks



Re: [ossec-list] OSSEC windows agent on non-English Windows

2017-06-05 Thread andrewm0374
With icacls you can use a shorter form:
system("icacls * /T /grant \"*S-1-5-32-544:F\"");
or:
system("icacls * /Q /T /grant \"*S-1-5-32-544:F\"");

"echo y|" is unnecessary, but I haven't tested it yet.



[ossec-list] Re: Email Notification using msmtp..

2017-06-05 Thread Jesus Linares
Hi Rakesh,

In case your SMTP server has authentication (like Gmail), it is 
necessary to configure a server relay because OSSEC does not support it 
by default. However, if you are using Gmail, I think it is possible to use 
the Google SMTP relay service directly: 
https://support.google.com/a/answer/176600?hl=en

Anyway, your OSSEC configuration looks right (if msmtp is working 
properly). Did you check the ossec.log? It may have useful information. 
Also, review the msmtp logs.

I hope it helps.
Regards.


On Friday, June 2, 2017 at 11:58:07 PM UTC+2, Rakesh Goyal wrote:
>
> I  have configured msmtp 
>
> # Set defaults.
>> defaults
>> # Enable or disable TLS/SSL encryption.
>> tls on
>> tls_starttls on
>> tls_trust_file /etc/ssl/certs/ca-certificates.crt
>> # Setup WP account's settings.
>> account el-notification
>> domain localhost
>> host smtp.mandrillapp.com
>> port 587
>> auth login
>> user admin@*
>> password *
>> from admin@
>> logfile /var/log/msmtp/msmtp.log
>> account default : el-notification
>
>
> I am able to send mail using msmtp.
>
> How can I use msmtp with ossec without installing sendmail or postfix ? 
>
> 
>> yes
>> rakesh.goyal@**
>>
>>
>> root@localhost
>> localhost
>> 
>
>
> I tried different options but not able to send mail using msmtp.  Mails 
> are going with aspmx.l.google.com but I want to send mail through 
> smtp.mandrillapp.com. Any way of doing this in ossec 2.8.3 version ?
>  
>
>
