Props to Syndrowm for guiding me in figuring this out. Thanks Evan!
This will change the SELinux permissions on the /var/ossec directory,
to match those of the web directory. You can get more restrictive but
I'm unsure exactly which directories the web server would need access
to in the oss
Hi,
Has anybody got any ideas of what this is: "IMAP Fetch Overflow Attempt"
[**] [1:3070:1] IMAP fetch overflow attempt [**][Classification: Misc
Attack] [Priority: 2] ???.???.???.???:48104 -> ???.???.???.???:143
It triggers every time I try and collect email using Thunderbird on my
PC acces
I am launching two instances of snort with the following commands:
/usr/local/bin/snort -i eth2 -A full -c /etc/snort/snort.conf -D
/usr/local/bin/snort -i eth3 -A full -c /etc/snort/snort.conf -D
I have this in my ossec.conf file with ossec running in agent mode on
my snort sensor:
snort-
Hi all,
I am running into the same issue. I tried various combinations
including setting the type to var_log_t,httpd_log_t and others and
changing the user to system (basically setting the enforcement as the
httpd logs) but all to no avail.
Has anyone had any luck with it? For the time being I
Greetings:
I created a small number of sonicwall rules in /var/ossec/rules/
local_rules.xml
When I restarted ossec, it told me there was no "sonicwall" decoder.
When I commented out the decoder section for "sonicwall" in /var/ossec/
etc/decoder.xml I was told there is an error in the sonicwall
Greetings:
I was investigating Apache segmentation faults on one of the servers
monitored by ossec 1.3, and found that right before the segmentation
fault was a hack attempt against shtml.dll (a FrontPage component).
I created the following rule in /var/ossec/rules/local_rules.xml
30101
Because I can't get OSSEC to properly work with Cisco IOS logs I've
opted to use local_rules.xml and place my rules in there.
%SYS-5-CONFIG_I
Configuration change detected.
%SEC-6-IPACCESSLOGS
Unauthorized access.
%LINEPROTO-5-UPDOWN
Line protocol UP/DOWN.
%L
Refer to this thread about a similar discussion:
http://groups.google.com/group/ossec-list/browse_thread/thread/f78e998efb3c108b
Below is a snip from the thread above which shows you the sequence
numbers.
Here I have enabled service sequence-numbers on the router. From the
log file, you can
see