Re: [ossec-list] Disable all rules for ossec server
Hi dan, It's work, Only include two files: rules_config.xml ossec_rules.xml And change config to rules_config.xml to: syslog Generic template for all syslog rules. ids Generic template for all ids rules. windows Generic template for all windows rules. ossec Generic template for all ossec rules. Restart ossec Thanks for help! El miércoles, 3 de mayo de 2017, 22:50:10 (UTC+2), dan (ddpbsd) escribió: > > On Tue, May 2, 2017 at 4:37 AM, Huc Manté Miras <hucm...@gmail.com > > wrote: > > Only its needed to include two rule files: > > > > > > > > rules_config.xml > > ossec_rules.xml > > > > > > Using just those 2 files allows OSSEC to start for me. > You can check the ossec.log for more information on why it failed. I'm > guessing something in local_rules.xml that relied on a rule that was > removed. > > > > > > > El martes, 2 de mayo de 2017, 10:24:23 (UTC+2), Huc Manté Miras > escribió: > >> > >> Sorry man in the my last comment, i send the information. > >> > >> El miércoles, 26 de abril de 2017, 21:01:24 (UTC+2), dan (ddpbsd) > >> escribió: > >>> > >>> On Wed, Apr 26, 2017 at 5:42 AM, Huc Manté Miras <hucm...@gmail.com> > >>> wrote: > >>> > I try to remove all includes but not work :( > >>> > > >>> > >>> You provided me with no information to help correct the issue. > >>> > >>> > El martes, 25 de abril de 2017, 17:41:56 (UTC+2), dan (ddpbsd) > >>> > escribió: > >>> >> > >>> >> > >>> >> > >>> >> On Apr 25, 2017 11:25 AM, "Huc Manté Miras" <hucm...@gmail.com> > wrote: > >>> >> > >>> >> Hello, > >>> >> > >>> >> I try to disable all rules to ossec server. > >>> >> > >>> >> This is possible? > >>> >> > >>> >> > >>> >> Have you tried removing the rules from the server's ossec.conf? > >>> >> > >>> >> > >>> >> > >>> >> Thanks!! > >>> >> > >>> >> -- > >>> >> > >>> >> --- > >>> >> You received this message because you are subscribed to the Google > >>> >> Groups > >>> >> "ossec-list" group. > >>> >> To unsubscribe from this group and stop receiving emails from it, > send > >>> >> an > >>> >> email to ossec-list+...@googlegroups.com. > >>> >> For more options, visit https://groups.google.com/d/optout. > >>> >> > >>> >> > >>> > -- > >>> > > >>> > --- > >>> > You received this message because you are subscribed to the Google > >>> > Groups > >>> > "ossec-list" group. > >>> > To unsubscribe from this group and stop receiving emails from it, > send > >>> > an > >>> > email to ossec-list+...@googlegroups.com. > >>> > For more options, visit https://groups.google.com/d/optout. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com . > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Disable all rules for ossec server
Only its needed to include two rule files: rules_config.xml ossec_rules.xml El martes, 2 de mayo de 2017, 10:24:23 (UTC+2), Huc Manté Miras escribió: > > Sorry man in the my last comment, i send the information. > > El miércoles, 26 de abril de 2017, 21:01:24 (UTC+2), dan (ddpbsd) escribió: >> >> On Wed, Apr 26, 2017 at 5:42 AM, Huc Manté Miras <hucm...@gmail.com> >> wrote: >> > I try to remove all includes but not work :( >> > >> >> You provided me with no information to help correct the issue. >> >> > El martes, 25 de abril de 2017, 17:41:56 (UTC+2), dan (ddpbsd) >> escribió: >> >> >> >> >> >> >> >> On Apr 25, 2017 11:25 AM, "Huc Manté Miras" <hucm...@gmail.com> >> wrote: >> >> >> >> Hello, >> >> >> >> I try to disable all rules to ossec server. >> >> >> >> This is possible? >> >> >> >> >> >> Have you tried removing the rules from the server's ossec.conf? >> >> >> >> >> >> >> >> Thanks!! >> >> >> >> -- >> >> >> >> --- >> >> You received this message because you are subscribed to the Google >> Groups >> >> "ossec-list" group. >> >> To unsubscribe from this group and stop receiving emails from it, send >> an >> >> email to ossec-list+...@googlegroups.com. >> >> For more options, visit https://groups.google.com/d/optout. >> >> >> >> >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an >> > email to ossec-list+...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ossec-list] Re: Disable all rules for ossec server
Hello, Thanks for the reply, but I can not get it to work. I made changes to the file as you indicate and I tried to restart ossec but it failed. root@OSSEC-SERVER-UBUNTU:/var/ossec/etc# cat ossec.conf | grep rules rules_config.xml ossec_rules.xml local_rules.xml root@OSSEC-SERVER-UBUNTU:/var/ossec/etc# ../bin/ossec-control restart ossec-monitord not running .. ossec-logcollector not running .. ossec-remoted not running .. ossec-syscheckd not running .. ossec-analysisd not running .. ossec-maild not running .. ossec-execd not running .. ossec-dbd not running .. OSSEC HIDS v2.8.3 Stopped Starting OSSEC HIDS v2.8.3 (by Trend Micro Inc.)... OSSEC analysisd: Testing rules failed. Configuration error. Exiting. root@OSSEC-SERVER-UBUNTU:/var/ossec/etc# El miércoles, 26 de abril de 2017, 16:26:02 (UTC+2), Nikki S escribió: > > Yes, you can disable all rules via OSSEC.conf. From the testing I did, the > only rules that have to always remain enabled are OSSEC.rules, rules_config > and local rules > > On Tuesday, April 25, 2017 at 11:25:57 AM UTC-4, Huc Manté Miras wrote: >> >> Hello, >> >> I try to disable all rules to ossec server. >> >> This is possible? >> >> Thanks!! >> > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Disable all rules for ossec server
I try to remove all includes but not work :( El martes, 25 de abril de 2017, 17:41:56 (UTC+2), dan (ddpbsd) escribió: > > > > On Apr 25, 2017 11:25 AM, "Huc Manté Miras" <hucm...@gmail.com > > wrote: > > Hello, > > I try to disable all rules to ossec server. > > This is possible? > > > Have you tried removing the rules from the server's ossec.conf? > > > > Thanks!! > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+...@googlegroups.com . > For more options, visit https://groups.google.com/d/optout. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[ossec-list] Disable all rules for ossec server
Hello, I try to disable all rules to ossec server. This is possible? Thanks!! -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.