[ossec-list] Re: which packages do i need for installing ossec under solaris 10

2008-04-25 Thread Fletch Hasues
It should let you download it, as my understanding is that Solaris is free. If for some reason it doesn't let you, give me your release number (/etc/release) and I probably have media for it. (Latest is 11/07) F On 4/25/08, McClinton, Rick <[EMAIL PROTECTED]> wrote: > > You can download Solar

[ossec-list] Help

2008-04-25 Thread Alexey Garcia Arevalo
Hello again Matthew. I did what you told me, but it shows me these errors: [EMAIL PROTECTED]:/home/administrador/Escritorio/ossec-hids-1.4/src# make setdb Error: MySQL client libraries not installed. Error: DB libraries not installed. Can you tell me why it happened? Thanks -Original Mess

[ossec-list] Re: which packages do i need for installing ossec under solaris 10

2008-04-25 Thread McClinton, Rick
You can download Solaris CDs / DVDs from Sun. You may have to pretend to be a student. > -Original Message- > From: ossec-list@googlegroups.com > [mailto:[EMAIL PROTECTED] On Behalf Of Sebastian Kösters > Sent: Friday, April 25, 2008 1:16 PM > To: ossec-list@googlegroups.com > Subject:

[ossec-list] Re: which packages do i need for installing ossec under solaris 10

2008-04-25 Thread Sebastian Kösters
Can I download the SUNWhea somewhere? Kind regards Sebastian Kösters systems architect Trade Haven GmbH In der Steele 37, 40599 Düsseldorf T +49 211 749659 14 mailto:[EMAIL PROTECTED] F +49 211 749659 29 http://www.tradehaven.de --

[ossec-list] Re: Problem with frequency in rules (wrong output in alert file) and Integrity check

2008-04-25 Thread skoesters
Thanks! The rule problem is fixed. Sometimes it is very easy but I don't see it ;) Implementing something like that would be very cool! On 25 Apr., 17:14, "Daniel Cid" <[EMAIL PROTECTED]> wrote: > Hi Sebastian, > > Your rule is actually working as expected. You have: > > >    57161 >    5700 >

[ossec-list] Log rotation kills email

2008-04-25 Thread Chuck Braden
The snapshot update seemed to fix it for me. Thanks. >>> "Daniel Cid" <[EMAIL PROTECTED]> 4/24/2008 9:52 AM >>> Hi Jalal, You can use the snapshot from: http://www.ossec.net/dcid/?p=122 Or the latest v1.5 beta: http://www.ossec.net/wiki/index.php/Dev:BetaTesting If you never updated OSSEC, i

[ossec-list] Re: Problem with frequency in rules (wrong output in alert file) and Integrity check

2008-04-25 Thread Daniel Cid
Hi Sebastian, Your rule is actually working as expected. You have: 57161 5700 SSHD authentication failed. authentication_failed, Because of the 5700, whenever a sshd message is received, it is going to check if the rule 57161 happened 2 or more times. I think in your case, you wa

[ossec-list] Problem with frequency in rules (wrong output in alert file) and Integrity check

2008-04-25 Thread skoesters
Hi, I have two questions. First, the frequency in rules problem. I created the following rules 5700 ^Failed|^error: PAM: Authentication SSHD authentication failed. authentication_failed, 57161 5700 SSHD authentication failed. authentication_failed, Aft

[ossec-list] Re: OSSEC and Prelude

2008-04-25 Thread Adriel Desautels
Just to make sure that we're all on the same page. Source IP should be set to the IP address of the remote host that is generating the event. Target IP should be set to the IP address of the agent. I realize that is obvious. Regards, Adriel T. Desautels Chief Technology Office

[ossec-list] Re: Question about the frequency

2008-04-25 Thread Daniel Cid
Hi Pierre, The frequency has a "weird" logic for most people. Basically it means if the specified rule happened more than the value on the frequency. So, first time you get the message, no alert on 101713. Second time you get, it will look if the rule 101712 happened more than one time (not coun

[ossec-list] Re: how to enable Active Response

2008-04-25 Thread Daniel Cid
Hi Aaron, The active response configuration must be set on the server side, not on the agent... Besides that, your configuration seems fine. Hope it helps. -- Daniel B. Cid dcid ( at ) ossec.net On Thu, Apr 24, 2008 at 11:09 PM, Aaron Bliss <[EMAIL PROTECTED]> wrote: > > I added the followin

[ossec-list] Re: specific rule for a specific host

2008-04-25 Thread Daniel Cid
Hi Evan, Yes, the configuration was on the right place. However, since it is an apache log, it will be decoded/matched before by one of your apache rules. If you change your rule to the following, it should work: 31100 /var/log/apache2/public_html-access_log Me

[ossec-list] Re: active-response with freebsd and PF

2008-04-25 Thread Daniel Cid
Hi Kivanio, I need the output from the command as I said: # /bin/sh -x /var/ossec/active-response/bin/firewall-drop.sh add XXX 192.168.2.1 This will give me debug information from the script and not from your terminal. I also tried it on FreeBSD and worked fine... Thanks, -- Daniel B. Cid dci

[ossec-list] Re: Hello

2008-04-25 Thread Gansert, Matthew A
Hi Alexey, If you are using Ubuntu, open a terminal and type: "sudo apt-get install mysql-server". If you haven't already, you will need to also type: "sudo apt-get install build-essential" That should install the packages you need to run OSSEC with a database. As for your previous email askin

[ossec-list] Hello

2008-04-25 Thread Alexey Garcia Arevalo
Before I run the "./install.sh" script I execute the following, like some instructions said: $ cd ossec-hids-1.4 $ cd src; make setdb; cd .. $ ./install.sh but it shows me these errors: Error: MySQL client libraries not installed. Error: DB libraries not installed. Can someone tell me

[ossec-list] Re: OSSEC and Prelude

2008-04-25 Thread Sebastien Tricaud
| Daniel, | I think that's a logical solution. Since OSSEC is an HIDS and not a | NIDS, using the IP of the HIDS would be ideal. That would enable prelude | to correlate events better. | I totally agree.

[ossec-list] Re: how to enable Active Response

2008-04-25 Thread Aaron Bliss
I added the following to the ossec.conf file of an ossec agent, but it's not triggering the active response even though I'm triggering rule 5701. Any ideas? P.S. ossec-execd is running. Thanks for your help. sshbrute firewall-drop.sh srcip no sshbrute local