[ossec-list] Change the location of /var/ossec/logs/ossec.log

2011-02-03 Thread Chris Everest
I don't see an obvious way to change the default location of the ossec.log. Can I change this to /var/log/ossec.log? Otherwise, I'll just symlink for convenience. Thanks

Re: [ossec-list] Change the location of /var/ossec/logs/ossec.log

2011-02-03 Thread dan (ddp)
There's no configuration for where the log exists. OSSEC chroots to /var/ossec (or wherever you installed it). So the file you symlink to will have to be in this directory. On Thu, Feb 3, 2011 at 12:24 PM, Chris Everest chrisever...@gmail.com wrote: I don't see an obvious way to change the

[ossec-list] OSSEC for Sql injection attack

2011-02-03 Thread satish patel
How efficient is OSSEC at stopping SQL injection? If not, then I have to move on to mod_security. Is anybody out there using OSSEC for SQL injection? Thanks, S

Re: [ossec-list] OSSEC for Sql injection attack

2011-02-03 Thread Jeremy Lee
See here: http://www.ossec.net/wiki/Samples_of_attacks_detected_by_ossec I would think the only issue here is that OSSEC is *responsive* and will look for patterns from the logs post-occurrence. So if your app is vulnerable to SQL injection, theoretically, the attacker would get in on the first

Re: [ossec-list] OSSEC for Sql injection attack

2011-02-03 Thread Justin C. Klein Keane
If you really want to stop SQL injection you need to update your application code. Bolting on security will only buy you some wiggle room, it won't solve the problem. OSSEC is very good at recognizing keyword signatures in URL requests after they

Re: [ossec-list] OSSEC for Sql injection attack

2011-02-03 Thread Steven Stern
On 02/03/2011 12:00 PM, satish patel wrote: How efficient is OSSEC at stopping SQL injection? If not, then I have to move on to mod_security. Is anybody out there using OSSEC for SQL injection? Thanks, S It's very good at detecting SQL injection, but your code shouldn't (smile) be
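The replies above make one point: a log-based IDS sees the request only after the web server has already answered it, and it recognises it by keyword signatures in the decoded URL. The following Python block is an added illustration of that detection step and is not OSSEC code or its rule set; the access-log lines, the two signature patterns and the IP addresses are all constructed for the example. It also shows the false-positive case a keyword rule has to avoid (a query containing "union" but no "select").

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache "combined" access-log lines (not real traffic, not from the page).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Feb/2011:12:00:01 -0500] "GET /index.php?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Feb/2011:12:00:02 -0500] "GET /index.php?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 88210 "-" "Mozilla/5.0"
198.51.100.9 - - [03/Feb/2011:12:00:03 -0500] "GET /search.php?q=union+station HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Feb/2011:12:00:04 -0500] "GET /index.php?id=42%20UNION%20SELECT%20user,password%20FROM%20users HTTP/1.1" 500 412 "-" "Mozilla/5.0"
"""

# Fields of the combined log format that the detector needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Illustrative keyword signatures applied to the decoded URL. These are
# examples written for this block, not OSSEC's shipped rules.
SIGNATURES = {
    # "union" alone is an English word; require the "union ... select" pair.
    "union-select": re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I),
    # quote followed by a boolean tautology such as ' OR '1'='1
    "tautology": re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I),
}


def parse_line(line):
    """Parse one combined-format line; return a dict, or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Decode %xx and '+' so an encoded payload cannot slip past keyword matching.
    rec["decoded_url"] = unquote_plus(rec["url"])
    return rec


def match_signature(decoded_url):
    """Return the name of the first signature that matches, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(decoded_url):
            return name
    return None


def scan_log(text):
    """Return one alert dict per log line whose decoded URL matches a signature."""
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        sig = match_signature(rec["decoded_url"])
        if sig:
            alerts.append({"ip": rec["ip"], "status": rec["status"],
                           "signature": sig, "url": rec["decoded_url"]})
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        # The status code is the server's answer to that request: by the time
        # this alert fires, the application has already processed it.
        print(f"{a['ip']} {a['signature']:<13} status={a['status']} {a['url']}")
```

Run as a script it flags the second and fourth lines and leaves the "union station" search alone; the 200 on the second flagged request is the point of the thread, the log tells you what already happened, it does not prevent it.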

Re: [ossec-list] Is ossec.conf ever entirely overwritten?

2011-02-03 Thread dan (ddp)
Hi James, On Wed, Feb 2, 2011 at 9:35 PM, James Ford james0...@gmail.com wrote: I was wondering if it was ever entirely overwritten in an upgrade.  I know rules and decoder both have a local_ option for them, but what about ossec.conf?  The reason I ask is I'm wondering how it handles adding

[ossec-list] WebUI Dump database reports nothing for remote agents/hosts

2011-02-03 Thread Nejat, Mehregan
Hi, I just installed OSSEC 2.5 and configured a couple of remote hosts. But, when I use the WebUI-Integrity Checking-Dump database for a remote host, nothing is displayed. It does work fine when I choose the server itself. I have checked the databases under /var/ossec/queue/syscheck and the

Re: [ossec-list] WebUI Dump database reports nothing for remote agents/hosts

2011-02-03 Thread dan (ddp)
Are there any web logs that might indicate an error? On Thu, Feb 3, 2011 at 4:57 PM, Nejat, Mehregan mehregan_ne...@intuit.com wrote: Hi, I just installed OSSEC 2.5 and configured a couple of remote hosts. But, when I use the WebUI-Integrity Checking-Dump database for a remote host, nothing

Re: [ossec-list] WebUI Dump database reports nothing for remote agents/hosts

2011-02-03 Thread Nejat, Mehregan
Nothing shows up in the error_log when I try the Dump database function. Here are the Apache and PHP versions I am running: php -version PHP 5.1.6 (cli) (built: Jan 15 2008 04:57:50) Copyright (c) 1997-2006 The PHP Group Zend Engine v2.1.0, Copyright (c) 1998-2006 Zend Technologies /usr/sbin/httpd

Re: [ossec-list] WebUI Dump database reports nothing for remote agents/hosts

2011-02-03 Thread dan (ddp)
No logs makes tracking down issues with this junk much much harder. Look in the other log file too. access_log or whatever it's called. Can the web application access the files? Have you tried modifying the permissions of the files that don't work to match the file that does? On Thu, Feb 3, 2011

Re: [ossec-list] WebUI Dump database reports nothing for remote agents/hosts

2011-02-03 Thread Nejat, Mehregan
Hi Dan, So, I did enable debug and checked the permissions and all that, but still nothing shows up in the log. However, looking at the code, I think I found the problem. It seems to be a logic problem, which is why no error gets logged. The problem seems to be in os_lib_syscheck.php in

Re: [ossec-list] WebUI Dump database reports nothing for remote agents/hosts

2011-02-03 Thread Nejat, Mehregan
OK. I found it. The issue has to do with the $filepattern variable. The filenames look like this: (myhost1.mydomain.com) 10.10.10.184-syscheck And the regex fails to match the first part of the filename (i.e. (myhost1.mydomain.com)) because it does not check for the existence of the . in the first part
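The failure mode Mehregan describes, reproduced in Python as an added illustration for this thread; it is not the WebUI's own PHP, and the actual $filepattern regex from os_lib_syscheck.php is not shown on this page, so the "naive" pattern below is an assumption of the kind of mistake described (a character class that excludes the dot). The file-name format is the one quoted in the message; the server's own database being named plainly syscheck is an assumption.

```python
import re

# Constructed entries in the style of /var/ossec/queue/syscheck, as described
# in the thread. "syscheck" for the server's own database is an assumption.
SAMPLE_NAMES = [
    "syscheck",
    "(myhost1) 10.10.10.183-syscheck",
    "(myhost1.mydomain.com) 10.10.10.184-syscheck",
]

# Assumed naive pattern: \w covers letters, digits and '_' only, so an agent
# registered under a fully qualified name (with dots) never matches.
NAIVE_RE = re.compile(r"^\((\w+)\) ([\d.]+)-syscheck$")

# Corrected pattern: the agent name may contain dots and hyphens.
FIXED_RE = re.compile(r"^\(([A-Za-z0-9._-]+)\) ([\d.]+)-syscheck$")


def parse_syscheck_name(name, pattern=FIXED_RE):
    """Return (agent_name, agent_ip) for an agent database, ("server", None)
    for the local database, or None when the name is not recognised."""
    if name == "syscheck":
        return ("server", None)
    m = pattern.match(name)
    if not m:
        return None
    return (m.group(1), m.group(2))


def list_agents(names, pattern=FIXED_RE):
    """Databases the pattern recognises: what a dump menu built on it would list.
    Unrecognised names are silently dropped, so nothing is logged for them."""
    parsed = (parse_syscheck_name(n, pattern) for n in names)
    return [p for p in parsed if p is not None]


if __name__ == "__main__":
    print("naive:", list_agents(SAMPLE_NAMES, NAIVE_RE))
    print("fixed:", list_agents(SAMPLE_NAMES))
```

With the naive pattern the FQDN agent is simply absent from the list, which matches the symptom in the thread: no error is raised, the entry is just never found. When testing a pattern like this, feed it at least one short host name and one dotted one.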