Re: [ossec-list] 2.5.1 update failed on two redhat installations

2010-11-24 Thread Daniel Cid
Hi Justin, We fixed it on the following snapshot: http://www.ossec.net/files/snapshots/ossec-hids-101124.tar.gz That file had a variable set on the wrong line that breaks on old compilers. thanks, On Wed, Nov 24, 2010 at 6:35 PM, Justin Mitchell wrote: > I had ossec 2.4.1 installed on three

Re: [ossec-list] ossec.conf world-writable files

2010-11-24 Thread Michael Starks
On 11/24/2010 01:46 PM, d.asse...@cgi.com wrote: Hi Still working on my issue from yesterday (flagging ww files) 1# I just upgraded OSSEC to OSSEC HIDS v2.5.1 on a Solaris 10 Box 2# I added these two rules to my local rules The essence of the rules I wrote, like all rules, is that it matches

Re: [ossec-list] 2.5.1 update failed on two redhat installations

2010-11-24 Thread Michael Starks
On 11/24/2010 04:35 PM, Justin Mitchell wrote: I had ossec 2.4.1 installed on three servers (redhat 7.1, redhat 7.2, and centos 4.8). I ran the update on all three servers, and only had success with the centos 4.8 server. On the two redhat 7.x servers, it failed with the following error: OSSEC

RE: [ossec-list] 1207 Error running ossec-reportd

2010-11-24 Thread Scott Closter
That worked like a charm. I renamed my existing /var/ossec folder, reran the install procedure and now I have no issues running ossec-reportd. Scott Closter -Original Message- From: ossec-list@googlegroups.com [mailto:ossec-l...@googlegroups.com] On Behalf Of dan (ddp) Sent: November 1

[ossec-list] 2.5.1 update failed on two redhat installations

2010-11-24 Thread Justin Mitchell
I had ossec 2.4.1 installed on three servers (redhat 7.1, redhat 7.2, and centos 4.8). I ran the update on all three servers, and only had success with the centos 4.8 server. On the two redhat 7.x servers, it failed with the following error: ***

Re: [ossec-list] ossec.conf world-writable files

2010-11-24 Thread dan (ddp)
On Wed, Nov 24, 2010 at 2:46 PM, wrote: > Hi > > Still working on my issue from yesterday (flagging ww files) > > 1# I just upgraded OSSEC to OSSEC HIDS v2.5.1 on a Solaris 10 Box > > 2# I added these two rules to my local rules > > syscheck, > Permissions ch

Re: [ossec-list] OSSEC and OpenLDAP logs

2010-11-24 Thread dan (ddp)
Heh, of course shortly after I sent that I think I found one that makes more sense. :P On Wed, Nov 24, 2010 at 11:17 AM, dan (ddp) wrote: > Does anyone have a useful and working guide to setting up ldap for > user auth? Pretty much everything I've found while trying to get this > thing running do

[ossec-list] ossec.conf world-writable files

2010-11-24 Thread d.asselin
Hi Still working on my issue from yesterday (flagging ww files) 1# I just upgraded OSSEC to OSSEC HIDS v2.5.1 on a Solaris 10 Box 2# I added these two rules to my local rules syscheck, Permissions changed from '\D+' to '\D\D\D\D\D\D\Dw\D' World-writable File 100

Re: [ossec-list] syscheck database

2010-11-24 Thread dan (ddp)
On Wed, Nov 24, 2010 at 10:57 AM, ItsMikeE wrote: > On the ossec master there is a syscheck database for each agent (in > /var/ossec/queue/syscheck). > If the syscheck database has not been updated for a while (i.e. longer > than the interval between runs of the syscheck on the agent) does this >

Re: [ossec-list] OSSEC and OpenLDAP logs

2010-11-24 Thread dan (ddp)
Does anyone have a useful and working guide to setting up ldap for user auth? Pretty much everything I've found while trying to get this thing running doesn't work.

[ossec-list] syscheck database

2010-11-24 Thread ItsMikeE
On the ossec master there is a syscheck database for each agent (in /var/ossec/queue/syscheck). If the syscheck database has not been updated for a while (i.e. longer than the interval between runs of the syscheck on the agent) does this indicate that 1) Nothing being monitored has changed so the

Re: [ossec-list] Re: OSSEC and OpenLDAP logs

2010-11-24 Thread loyd.darby
Problem is that there is nothing to interpret the ldap log entries. If the thing you want to watch isn't syslog or in the decoder (see below) it won't generate any SIDs, and therefore no alerts. To add a new application, you have to build the decoder to extract the data, or modify (clone) an exi

Re: [ossec-list] Wrong permissions after Updating OSSEC to 2.5 ?

2010-11-24 Thread loyd.darby
This file should never need execute permission. The problem is a combination of ownership and permissions. The owner of a file can always change it. The only person who needs to change the file is root, so root should be the owner. OSSEC processes run under either root, or ossec so both of these a

[ossec-list] Re: OSSEC and OpenLDAP logs

2010-11-24 Thread Doug Burks
We *do* have OpenLDAP configured to use syslog. This multi-line mess is as good as it gets :) Thanks, Doug Burks On Nov 20, 7:05 pm, Michael Starks wrote: > On 11/10/2010 02:12 PM, Doug Burks wrote: > > > Has anybody used OSSEC to monitor OpenLDAP logs?  Specifically, I'd > > like to monitor fo