The agent ossec.log files for the two agents show that the agents are
operational and ready to go:
Typical example:
2011/08/15 11:59:33 ossec-agentd(1410): INFO: Reading authentication keys file.
2011/08/15 11:59:33 ossec-agentd: INFO: Assigning sender counter: 7731:6770
2011/08/15 11:59:33 ossec
This only happened last week when I updated ossec-hids:
/var/ossec/bin/ossec-control: line 209: echo: write error: Broken pipe
Any ideas how to debug it?
If I yum downgrade ossec* it goes away, so something is wrong.
Is your system using upstart? That seems to be a problem for that line
in the script.
On Mon, Aug 15, 2011 at 7:42 PM, webmas...@aus-city.com
wrote:
> This only happened last week when I updated ossec-hids:
>
> /var/ossec/bin/ossec-control: line 209: echo: write error: Broken pipe
>
> Any ideas
Use tcpdump to make sure packets are making it to the manager from the
agent, and to the agent from the manager.
On Mon, Aug 15, 2011 at 3:43 PM, blacklight wrote:
> The agent ossec.log files for the two agents show that the agents are
> operational and ready to go:
>
> Typical example:
>
> 2011/
On Sun, Aug 14, 2011 at 9:13 AM, Alain SPAITE wrote:
> Thanks a lot Dan : it works !
> I just changed :
> "\w+ (\S+) HTTP\S+ (\d+) |
> in :
> "\w+ (\.+) HTTP\S+ (\d+) |
> to get the url with spaces inside and I built a rule to catch the url with
> "epub" or "mobi" to get an alert when the Calibr
I don't think most of the rules are written because of a standard.
On Tue, Aug 9, 2011 at 5:56 PM, Abdellah Tantan wrote:
> Are the ossec rules based on popular security standards like owasp? For
> example modsecurity - an apache module that acts as a web application
> firewall within apache - ha
No, it's a Centos 6 i686 server. The ossec I am running is from the atomic repo.
What's strange is my second server, a Centos 6 x86 64 bit does NOT do this with
the same package (obviously one is i686 other is x64) but same versions.
I checked selinux and even set enforcing 0 to test. But roll back
On Mon, Aug 15, 2011 at 8:07 PM, David Cottle wrote:
> No, it's a Centos 6 i686 server. The ossec I am running is from the atomic
> repo.
>
The reports I've seen are about Centos 6 + OSSEC 2.6.
> What's strange is my second server, a Centos 6 x86 64 bit does NOT do this with
> the same package (o
Thanks! So it is a known issue :)
Has the latest nightly got it fixed?
I can hassle atomic to rebuild it since it's broken.
Do you have a bug number so I can send it to them as they said they can't find
any issue.
Cheers,
David
Sent from my iPad
On 16/08/2011, at 10:13, "dan (ddp)" wrote:
Atomic pointed out the issue on IRC. :)
It hasn't been fixed yet, I'm not sure if Daniel Cid has a Centos 6
based system to test at the moment (I don't).
Best I can offer is that it'll be fixed "soon," and the Atomic guys will know.
On Mon, Aug 15, 2011 at 8:20 PM, David Cottle wrote:
> Thanks! S
Thanks!
No problem, I will ask them to keep the support ticket open.
Cheers,
David
Sent from my iPad
On 16/08/2011, at 10:36, "dan (ddp)" wrote:
> Atomic pointed out the issue on IRC. :)
> It hasn't been fixed yet, I'm not sure if Daniel Cid has a Centos 6
> based system to test at the momen
Dan,
I also could make my i686 centos 6 server available for Daniel. Let me know if
it would help. As long as it's not taken off, Daniel can debug it as much as
he wants.
Strange it affects i686 only and not x86_64.
Cheers,
David
Sent from my iPad
On 16/08/2011, at 10:36, "dan (ddp)" wrot
Sorry, apparently the new GPGMail extension I have doesn't quite work right..
Or I have a setting wrong.. Let's try this again without that enabled...
Hi all,
OSSEC 2.6 on a CentOS 5.6 system.
I was just nailed with an SSH brute force attack which
apparently lasted a while.