On Wed, Nov 10, 2010 at 3:12 PM, Doug Burks wrote:
> Has anybody used OSSEC to monitor OpenLDAP logs? Specifically, I'd
> like to monitor for auth failures (err=49 in the sanitized log sample
> below). As you can see, one LDAP connection (conn=99) creates
> multiple log entries. Further com
Has anybody used OSSEC to monitor OpenLDAP logs? Specifically, I'd
like to monitor for auth failures (err=49 in the sanitized log sample
below). As you can see, one LDAP connection (conn=99) creates
multiple log entries. Further complicating the matter is the fact
that there are two instance
On Wed, 10 Nov 2010 00:57:04 -0800 (PST), Jakub Moravek
wrote:
Hi everybody,
I was discussing some security issues wit my colleagues. And we
found interresting issue. How is guaranteed integrity of Ossec
itself?
Can Ossec somehow discover, that an attacker will replace Ossec with
modified a
Hi everybody,
I was discussing some security issues wit my colleagues. And we
found interresting issue. How is guaranteed integrity of Ossec itself?
Can Ossec somehow discover, that an attacker will replace Ossec with
modified application. Modified Ossec will report during syscheck scan
same siz
On Wed, Nov 10, 2010 at 3:57 AM, Jakub Moravek wrote:
> Hi everybody,
> I was discussing some security issues wit my colleagues. And we
> found interresting issue. How is guaranteed integrity of Ossec itself?
> Can Ossec somehow discover, that an attacker will replace Ossec with
> modified appli