One of the computers that I'm responsible for securing has a program
on it that will (sometimes) add large numbers of users and groups
within a few seconds. Clearly, this creates way too many alerts.
However, immediately before adding any new accounts, it always logs a
specific entry to /var/log/
Here is the code I use to run this:
cd /var/ossec/
zcat /var/ossec/logs/alerts/2009/Mar/*.gz | ./src/monitord/ossec-reportd -n "Month Summary"
>
> Hi Derek,
>
> What command (and arguments) are you using? It seems that it is trying to allocate
> more than what you have available.
>
> Thanks,
Dan,
I am running "cat logs/alerts/2009/May/ossec-alerts-14.log | ./bin/ossec-reportd"
from the ossec directory so I should be able to see the
results of my editing "/etc/hosts" on one of the agentless systems. I
see nothing. I also have email alerts set up and they work for the
agent-full system
Hi Dan,
What kind of reporting are you doing? When using the ossec-reportd
tool they should show up fine:
Top entries for 'Location':
enigma->/var/log/authlog|a |
(ssh_integrity_check_linux) a...@192.168.2.1.. |yy
Hi Marco,
It is a typo in the manual. Change to
and it should work. I will
update the manual soon.
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On Thu, May 14, 2009 at 8:49 AM, wrote:
>
> Hi,
>
> I am having problems in telling OSSEC manager to ignore some file
> changes notifications (
Hi list,
I receive a lot of bug reports regarding our active response scripts
not properly removing all ips from iptables. I believe we found the
problem, being caused by iptables itself failing to run and we not
checking the return codes from it...
Anyone having this issue, please try our lates
On Thu, 14 May 2009 10:51:40 +0200, ver...@neuestadt.ch wrote:
> Question:
> What webserver is recommended from the point of view of security?
The best web server is generally the one you are most comfortable securing,
has wide public support, is open and has a history of proactive security and
I would also go with Apache. Also, you can do things to help to
mitigate against potential vulnerabilities, such as limiting access to
the webserver by IP address, or using ssh port forwarding which would
eliminate the need to have the webserver accessible from anywhere
other than localhost...the
Hi,
I am having problems in telling OSSEC manager to ignore some file
changes notifications (syscheck).
I have done as specified on http://www.ossec.net/main/manual/manual-syscheck/
but it doesn't work.
This is what I have in my rules/local_rules.xml file (changed the
original chars [a-z0-9] wi
On May 14, 9:51 am, ver...@neuestadt.ch wrote:
> Question:
> What webserver is recommended from the point of view of security?
I would go for a plain apache. Apache has a bigger user base and a
solid reputation. If something comes out on apache a bigger target
than you will be hit first and a pat
Hi all,
I have installed OSSEC 2.0 and all appears to be working fine but I
can't work out how to get my agentless systems to appear in reports.
When I run "register_host.sh list" it shows my active agentless
systems;
# /srv/ossec/agentless/register_host.sh list
*Available hosts:
r...@172.40.10
Hello,
I am going to install OSSEC and the WUI. The requirement for the WUI is a
webserver.
(I am not very happy to install a webserver on the OSSEC host)
Question:
What webserver is recommended from the point of view of security?
Thanks a lot!
John