[ossec-list] Re: ossec-agentd: error compressing string

2006-08-09 Thread Daniel Cid
Hi Martin, Thanks for finding the problem. This is actually a very strange check that I have no clue what it is used for. Hopefully this will fix the problem for everyone... *David and Alan, can you guys check if this change fixes the problem on your systems too? Thanks, -- Daniel B. Cid dcid

[ossec-list] Re: ossec 0.9 under Mac OS X

2006-08-09 Thread Daniel Cid
Yes, please. Share it with us :) We also have the one that Lars pointed at: http://www.dreness.com/bits/tech/adduser.html , so we can look at both and have something that would work on all Macs... thanks, -- Daniel B. Cid dcid ( at ) ossec.net On 8/9/06, ChuckD <[EMAIL PROTECTED]> wrote: I w

[ossec-list] Re: ossec 0.9 under Mac OS X

2006-08-09 Thread Lars Scheithauer
I found the following script to add a user via commandline: http://www.dreness.com/bits/tech/adduser.html On 09.08.2006 at 23:16, ChuckD wrote: > > I wrote a small script for creating the users/group via cmd line, > using > nireport and niload. It's not fully tested yet, and the code needs

[ossec-list] Re: ossec 0.9 under Mac OS X

2006-08-09 Thread ChuckD
I wrote a small script for creating the users/group via cmd line, using nireport and niload. It's not fully tested yet, and the code needs a little clean-up, but it works on OSX 10.4 (not tested on Panther). If folks are interested I'll post the script and load files to the list. -Chuck Daniel C

[ossec-list] Re: ossec 0.9 under Mac OS X

2006-08-09 Thread kef_list
Yes I believe that the process described using niload will work in any version of Mac OS X. In any case for your reference I am copying below the full man page for niload As for -r, sorry for the confusion but it IS supported, the man page for cp says: COMPATIBILITY Historic ver

[ossec-list] Re: ossec 0.9 under Mac OS X

2006-08-09 Thread Daniel Cid
Does the link provided in that message: http://www.ossec.net/ossec-list/2006-March/msg00030.html work for every MacOS? If it does, we can modify the install to support it... Also, can you confirm that the lowercase "r" is not supported (for cp)? We would need to fix that for the next version..

[ossec-list] Re: ossec-agentd: error compressing string

2006-08-09 Thread Martin Gottlieb
Hi Daniel, I've been playing with this also and have narrowed it down to the following lines (39-40) in src/external/zlib-1.2.3/compress.c:

    stream.avail_out = (uInt)*destLen;
    if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;

If you change line 40 to:

    if ((uInt)str

[ossec-list] Re: ossec-agentd: error compressing string

2006-08-09 Thread Daniel Cid
It looks like there is a problem with zlib and 64 bits (since the errors are during the compression phase). I am doing some testing here, but unfortunately I don't have any 64b machine to test.. *btw, thanks everyone for the useful information you are sending me... *Looking at zlib page, th

[ossec-list] Re: ossec-agentd: error compressing string

2006-08-09 Thread alanbbr
David Vasil wrote: > Martin Gottlieb wrote: > > > > Was a solution ever posted for this one ? I checked the archives and > > did not see one. > > > > I am experiencing the same problem on 2 different x86_64 boxes set up as > > agents. I'm getting "Error compressing string" > > followed by "Erro

[ossec-list] Re: ossec-agentd: error compressing string

2006-08-09 Thread David Vasil
Martin Gottlieb wrote: > > Was a solution ever posted for this one ? I checked the archives and > did not see one. > > I am experiencing the same problem on 2 different x86_64 boxes set up as > agents. I'm getting "Error compressing string" > followed by "Error creating encrypted message" err

[ossec-list] Re: ossec-agentd: error compressing string

2006-08-09 Thread Martin Gottlieb
Was a solution ever posted for this one? I checked the archives and did not see one. I am experiencing the same problem on 2 different x86_64 boxes set up as agents. I'm getting "Error compressing string" followed by "Error creating encrypted message" errors. I did compile ossec locally

[ossec-list] Re: Whitelisting questions

2006-08-09 Thread Dimitri Yioulos
Sorry, folks, for what seems to me like my messy posting, but this just in regarding my whitelisting problem; I just received this email notification for the first time: OSSEC HIDS Notification. 2006 Aug 09 11:14:32 Received From: danvers->/var/log/messages Rule: 102 fired (level 7) -> "Unknow

[ossec-list] Re: Whitelisting questions

2006-08-09 Thread Dimitri Yioulos
Hey, Daniel. While iptables is installed on the OSSEC-HIDS server (the one I'm having ssh and sftp trouble with from my WinXP desktop), it isn't running. I find that the WinXP box keeps being added to hosts.deny, even though it's whitelisted. Any other ideas? Dimitri On Wednesday August 0

[ossec-list] Re: List Digest

2006-08-09 Thread ruurd
That's because it's a great project! Ruurd bakker Secquard.nl

[ossec-list] Re: List Digest

2006-08-09 Thread Daniel Cid
The list is at google groups. If you go to: http://groups.google.com/group/ossec-list/ You can change your "membership" option to daily digest or one of the other options.. *if you have problems doing that, send me a private e-mail and I can easily do that for you (some people have issues with

[ossec-list] Re: 0.9 rootkit false positives with files > 2GB?

2006-08-09 Thread Unit3
Daniel Cid wrote: > To fix that, just edit src/Config.Make, > add the following to the CFLAGS and recompile ossec: > > -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 Oh, this seems to have worked great, thanks! > *it will be fixed by default in the next version. Sounds good. :) > Thanks for the repo

[ossec-list] Re: Do you define rules in the Windows ossec config file ?

2006-08-09 Thread Oyesanya, Femi
Thanks a lot -Original Message- From: ossec-list@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Cid Sent: Wednesday, August 09, 2006 9:47 AM To: ossec-list@googlegroups.com Subject: [ossec-list] Re: Do you define rules in the Windows ossec config file ? Everything is c

[ossec-list] Re: Whitelisting questions

2006-08-09 Thread Daniel Cid
Hi Dimitri, Just complementing Ahmet's response. By default, ossec blocks the ip at /etc/hosts.deny and at the firewall, so you would need to remove it from the firewall and from hosts.deny (no need to restart ossec). Try the following: -Look at your iptables config and remove any block for yo

[ossec-list] List Digest

2006-08-09 Thread Dean . Halter
Project appears to be getting a lot of deserved pub - SANS, Slashdot. Is there a digest option for the mailing list?

[ossec-list] Re: Do you define rules in the Windows ossec config file ?

2006-08-09 Thread Daniel Cid
Everything is configured on the server side. The agent does even have the rules installed by default. The only configuration that the agent has is related to where the server is and what to extract from the system (in addition to the shared config from the server). Hope it helps. -- Daniel B. C

[ossec-list] Re: several newbie questions

2006-08-09 Thread swbradley1
2. one of the things i like about it is that when i modify a monitored file or make changes or even touch a file it sends out a notification to my blackberry. if nothing else it gives me the assurance that it is working. steve > > OSSEC HIDS is looking very promising. I've been waiting for a

[ossec-list] Re: Whitelisting questions

2006-08-09 Thread Dimitri Yioulos
Ok. Apologies in advance for the length of this. First the main log (ossec.log) from the point of a recent OSSEC-HIDS server restart: 2006/08/09 10:06:12 ossec-logcollector(1225): SIGNAL Received. Exit Cleaning... 2006/08/09 10:06:12 ossec-remoted(1225): SIGNAL Received. Exit Cleaning... 200

[ossec-list] Do you define rules in the Windows ossec config file ?

2006-08-09 Thread Oyesanya, Femi
Hello: Does anyone know if the rules are defined in the windows agent config file or on the server? Thanks

[ossec-list] Re: Whitelisting questions

2006-08-09 Thread Ahmet Ozturk
Ohh, I'm sorry, I misunderstood your case. OK, I'll test it tonight, and write the results. If you can send the conf file and alert logs, they would help me. Regards, Ahmet Ozturk. Dimitri Yioulos wrote: Ahmet. Um, actually, why would I need a Windows agent? I'm not monitoring a Windows b

[ossec-list] several newbie questions

2006-08-09 Thread urgrue
OSSEC HIDS is looking very promising. I've been waiting for a proper HIDS solution ever since tripwire development fizzled out. Especially one that is multi-platform. As the manual is a bit lacking, I have some (newbie) questions: 1. Can I get syscheck to notify on file additions (ie if some

[ossec-list] Re: Whitelisting questions

2006-08-09 Thread Ahmet Ozturk
Hi Dimitri, If it's not a problem for you, please send them to list. It would be good for list members to see them. Someone may have different ideas than mine. :) Regards, Ahmet Ozturk. Dimitri Yioulos wrote: Yes. May I send these to you OL? Dimitri On Wednesday August 09 2006 9:33 am,

[ossec-list] Re: Whitelisting questions

2006-08-09 Thread Dimitri Yioulos
Ahmet. Um, actually, why would I need a Windows agent? I'm not monitoring a Windows box, just using it to do tasks on an OSSEC_HIDS box, like upload files via sftp (again, using WinSCP3) or run commands via ssh (Putty). That notwithstanding, I'll send along the conf and logs. I've done not

[ossec-list] Re: Whitelisting questions

2006-08-09 Thread Dimitri Yioulos
Yes. May I send these to you OL? Dimitri On Wednesday August 09 2006 9:33 am, Ahmet Ozturk wrote: > Hi again, > > I'll test windows agent at home tonight. > Can you send us your ossec.conf file and related alert logs? > > Regards, > > Ahmet Ozturk. > > Dimitri Yioulos wrote: > > Thanks, Ahmet.

[ossec-list] Re: Whitelisting questions

2006-08-09 Thread Ahmet Ozturk
Hi again, I'll test windows agent at home tonight. Can you send us your ossec.conf file and related alert logs? Regards, Ahmet Ozturk. Dimitri Yioulos wrote: Thanks, Ahmet. Might you have any idea why my WinXP box keeps getting blocked when using the ssh and ftp tools, even though it's whi

[ossec-list] Re: Whitelisting questions

2006-08-09 Thread Dimitri Yioulos
Thanks, Ahmet. Might you have any idea why my WinXP box keeps getting blocked when using the ssh and ftp tools, even though it's whitelisted? Dimitri On Wednesday August 09 2006 9:12 am, Ahmet Ozturk wrote: > Hi Dimitri, > > OSSEC-HIDS configuration only accepts CIDRs /8 /16 /24 /32. > > Plea

[ossec-list] Re: Whitelisting questions

2006-08-09 Thread Ahmet Ozturk
Hi Dimitri, OSSEC-HIDS configuration only accepts CIDRs /8 /16 /24 /32. Please see Rafael Capovilla's solution. (http://www.ossec.net/ossec-list/2006-August/msg00063.html) I think Meir Michanie will correct this issue soon. Since you have only two agent boxes, you may define them separately i

[ossec-list] Whitelisting questions

2006-08-09 Thread Dimitri Yioulos
Hello list members. In order to use various tools on my OSSEC-HIDS server and agent boxes, I've whitelisted my two desktop boxes - WinXP and SimplyMepis Linux. From the Linux desktop, using cli ssh and sftp tools, I have no trouble getting into the OSSEC-HIDS server or agents. From the Win

[ossec-list] Re: ZK Rootkit

2006-08-09 Thread Stephen Hawkins
Steven, On Tuesday 08 August 2006 20:28, Steven Newson wrote: > Hi, > > I get the same result as Joe Barr - using SuSE 10.1: Me too. I heard that it is a known false alarm. Data is theoretically in the list archives, I have not had a chance to look yet. Steve -- 73 49 111 01001001 Steve Ha

[ossec-list] queries on configuring ossec

2006-08-09 Thread Martin Leung
Hi, I have a few configuration questions. Can someone help? 1. Can I configure syscheckd to report for new file? It seems only file change is detected. 2. Can I include part of a ignored directory in syscheck? For example, would the following config detect change in /var/ossec/bin ?