Hi Pete,
I don't know much about the new "svcadm" (and cia) that was added on
Solaris 10.
However, you can still use the old SysV style by copying the
ossec-hids.init from ossec-hids/src/init/ to /etc/init.d/ossec and
symlink it to the desired init directory
that you want. For example:
# cp -pr
Hi Ken,
Since ossec runs in a chroot "jail", it needs to have its own localtime file.
I saw some other reports of incorrect time stamps, so copying /etc/localtime
to /var/ossec should fix it.
Thanks for letting us know about it.
--
Daniel B. Cid
dcid ( at ) ossec.net
On 3/20/07, Ken A <[EM
Daniel,
Yes, this alert came out when the cron-jobs were running, which is why I
posted it: it seems very odd to throw a level-12 alert over a cron-job
su-ing to nobody. I have verified that this was definitely a known
cron-job.
I would be inclined to say that root su-ing to any other user is
Had a weird issue after modifying timezone data for new DST rules here
and tracked it down to /var/ossec/etc/localtime, which is installed on
both server and agents by InstallServer.sh and InstallAgent.sh scripts.
This was of course a copy of the 'old' /etc/localtime, so ossec was 1 hr
in th
That is what I did and now I'm getting the Inactive in the web ui. They
aren't on the server anymore.
On 3/20/07, Dimitri Yioulos < [EMAIL PROTECTED]> wrote:
On Tuesday 20 March 2007 3:11 pm, Rob wrote:
> Hey all,
>
> Finally got ossec installed on our windows servers and everything looks
Hey all,
Finally got ossec installed on our windows servers and everything looks
good. I have 1 question however. I had test servers that I've deleted the
agent from the ossec server but I still see them in the ossec web ui. An
example is below. How can I delete these?
Thanks!
Robert
SER
On Tuesday 20 March 2007 3:11 pm, Rob wrote:
> Hey all,
>
> Finally got ossec installed on our windows servers and everything looks
> good. I have 1 question however. I had test servers that I've deleted the
> agent from the ossec server but I still see them in the ossec web ui. An
> example
Hi,
how can I tell ossec to ignore certain files when checking
for rootkit? I have a virtual server running on a real host,
and the virtual server root is /var/lib/vz/root/2001. Then I
got alerts like
,
| Files hidden inside directory '/var/lib/vz/root/2001/proc'. Link
count does not ma
Hi,
I did some testing and it seems that anytime a log file
changes, the analysis engine is triggered. So monitoring log
files seems a rather expensive operation (and very useful of
course). In the scenario of several virtual servers running
on a real host, I would set up an ossec server installa