[ossec-list] Success! Re: decoder/local rules/active-response setup

2009-04-15 Thread Greg Noelken
Hello Matthias, Thank you so much. Once I added the program_name before the PID and followed your suggestion, things fell into place. The syslog entry (mylog just for example): Apr 15 20:45:43 alana mylog[5907]: var_exploit: exploit from IP: 10.1.1.155: /var/www/pen-net/public_html/default.php

[ossec-list] Re: decoder/local rules/active-response setup

2009-04-15 Thread matthias platzer
Hi, On Apr 15, 4:42 pm, Greg Noelken wrote: > Apr 15 00:17:31 alana [8499]: (var_exploit) exploit from IP: 58.91.3.155: > /var/www/chemistry_lab/public_html/index.php: page > exploit:http://schoolpapers.hostinginfive.com/bike.htm? I suppose alana would be the host name? I think a well formed

[ossec-list] Re: Time exceeded in search page

2009-04-15 Thread matthias platzer
On Apr 15, 6:57 pm, Martin Tartarelli wrote: > Fatal error: Maximum execution time of 90 seconds exceeded in > /var/www/htdocs/ossec-wui-0.3/lib/os_lib_alerts.php on line 123 > > Can I modify the time exceeded? Yes, in "php.ini"; see: http://www.ossec.net/wiki/index.php/OSSECWUI:Install

[ossec-list] Where to post suggestions?

2009-04-15 Thread Darvin Denmian
Hello list, I would like to know: where should I post suggestions for new features of OSSEC? Thanks!

[ossec-list] Re: ossec

2009-04-15 Thread MdMonk
pwn'd On Wed, Apr 15, 2009 at 9:36 AM, Kevin Wilcox wrote: > > 2009/4/14 : > > > H > > hello, please can you help me with OSSEC, as I am new to this I am > > unable to get it, > > please give the answer for this question. > > > > OSSEC is capable of performing the following system-level checks

[ossec-list] Time exceeded in search page

2009-04-15 Thread Martin Tartarelli
When I execute a custom search in OSSEC WUI, the application gives me an error: Fatal error: Maximum execution time of 90 seconds exceeded in /var/www/htdocs/ossec-wui-0.3/lib/os_lib_alerts.php on line 123 Can I modify the time exceeded? -- Martin Tartarelli Linux User #476492 http://owasp.or

[ossec-list] Re: ossec

2009-04-15 Thread Kevin Wilcox
2009/4/14 : > H > hello, please can you help me with OSSEC, as I am new to this I am > unable to get it, > please give the answer for this question. > > OSSEC is capable of performing the following system-level checks: > a) file integrity checking > b) Windows registry monitoring, > c) rootkit

[ossec-list] Re: lazy osssec-remoted

2009-04-15 Thread Jose Luis Vázquez González
Hi, It looks like remoted is now running on the server, but the clients don't connect to it: # ps -aef |grep ossec ossecm    4785 1  0 Apr14 ?    00:00:00 /var/ossec/bin/ossec-maild root  4789 1  0 Apr14 ?    00:00:00 /var/ossec/bin/ossec-execd ossec 4793 1  0 A

[ossec-list] Re: Know what is happening

2009-04-15 Thread Darvin Denmian
Hi Peter, thanks for your reply, that was what I needed to know! I am so grateful for all the replies, thanks a lot! On Wed, Apr 15, 2009 at 10:47 AM, Peter M. Abraham wrote: > > Greetings Darvin: > > Your English is good. > > Are you receiving ossec alert emails? > > I.e. > > > ### START > OSSEC HIDS

[ossec-list] decoder/local rules/active-response setup

2009-04-15 Thread Greg Noelken
Hello, I spent the last few days testing this rule with no luck. Any ideas are appreciated. I have a php script that writes a message to /var/log/messages on an ossec client when what I call a 'variable exploit' occurs while the script is called. The message written to the log appears as:

[ossec-list] Re: Remote config file management and other newbie questions

2009-04-15 Thread Daniel Cid
Hi Patrick, I am glad your experience with OSSEC has been good so far. For your questions: 1. Most of the configuration is already stored on the manager side. There are a few options on the client, but that can be pre-configured before you install the agent (we also have plans for a fully remote

[ossec-list] Re: Remote config file management and other newbie questions

2009-04-15 Thread Peter M. Abraham
Greetings Patrick: 1. Not that I'm aware of; though that would be a neat idea if it can be done securely. 2. I would imagine a resource limit; we are currently monitoring approximately 40 agents (clients) without a hitch. 3. In ossec.conf in the same location as the agent binary (check the p

[ossec-list] Re: The Changing Landscape of OSSEC-HIDS

2009-04-15 Thread Peter M. Abraham
Greetings Daniel: Congratulations. http://www.securityhorizon.com/journal/TSJ-2009-02-spring.pdf is well written. Thank you for sharing this link.

[ossec-list] Re: Know what is happening

2009-04-15 Thread Peter M. Abraham
Greetings Darvin: Your English is good. Are you receiving ossec alert emails? I.e. ### START OSSEC HIDS Notification. 2009 Apr 13 21:40:46 Received From: (fully qualified machine name) abc.abc.abc.abc->/var/log/secure Rule: 5712 fired (level 13) -> "SSHD brute force trying to get access to

[ossec-list] Re: Creating integrity checking application profiles (looking for contributions)

2009-04-15 Thread Peter M. Abraham
Greetings Daniel: This is a good idea. I do recommend qmail. On the others you mentioned -- named, Apache -- please allow a way to customize paths, as various automation systems will have named and httpd in different areas. For Unix, an infected or otherwise corrupted binary notice would also be

[ossec-list] Re: Know what is happening

2009-04-15 Thread Daniel Cid
Hi Darvin, If you look at the file /var/ossec/logs/active-responses.log you will see a list of all active responses: Sun Apr 12 03:18:46 ADT 2009 /var/ossec/active-response/bin/firewall-drop.sh add - 211.140.13.19 1239517126.7334 5706 Sun Apr 12 18:58:22 ADT 2009 /var/ossec/active-response/bin/h

[ossec-list] Re: Creating integrity checking application profiles (looking for contributions)

2009-04-15 Thread Daniel Cid
Hi Michael, I completely agree with you. My goal is to create application profiles and a list of really important files to monitor (especially on Windows). If anyone has a list of directories or files related to auto run, important configs and files that don't change very often, please share. We

[ossec-list] Re: lazy osssec-remoted

2009-04-15 Thread Daniel Cid
Hi Jose, Check your logs. Try restarting OSSEC and looking for ossec-remoted in the logs: # cat /var/ossec/logs/ossec.log |grep remoted To see the list of remote managed agents, run: # /var/ossec/bin/agent-control -l Thanks, -- Daniel B. Cid dcid ( at ) ossec.net 2009/4/14 Jose Luis Vázque