The auth/authd source code is included in 2.7, but there is no pre-built
Windows binary that contains the 'auth' client yet.
You can be the first to build/test it on Windows.
On Tuesday, October 2, 2012 7:31:37 AM UTC-7, Michael Barrett wrote:
>
>
> Is there a plan to offer this on the Windows
There was a patch in 2.7-beta that may meet your requirement.
Please invoke 'ossec-authd' with ' -i' argument.
It was designed to write the ossec-auth agent IP address in the server
client.keys files (instead of ANY).
Please test to see if it works for you and report back.
Thanks!
On Tuesday,
On Tue, Oct 2, 2012 at 11:27 AM, Michael Barrett
wrote:
>
> We found that if we put the agent's IP address in the client.keys on the
> ossec server it works
>
>
> Strange
Sounds like the broken RPM problem a lot of people experienced.
>
> Michael Barre
We found that if we put the agent's IP address in the client.keys on the
ossec server it works
Strange
Michael Barrett | Information Security Analyst - Lead | Mortgage Guaranty
Insurance Corporation
270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA |
On Tue, Oct 2, 2012 at 11:23 AM, Michael Barrett
wrote:
>
>
> This agent has worked in the past. We are trying to implement the authd
> key management
Did you use an RPM to install OSSEC? Until very recently that whole
thing was broken WRT authd.
>
>
> __
On Tue, Oct 2, 2012 at 11:24 AM, Michael Barrett
wrote:
>
>
> Our max agent limit is 2048 and we are nowhere near there
Not the limit I mentioned. Open files limit may be an issue, among
others. Check those limits.
>
> Michael Barrett | Information S
This agent has worked in the past. We are trying to implement the authd
key management
Our max agent limit is 2048 and we are nowhere near there
On Tue, Oct 2, 2012 at 11:14 AM, Tom Hangstin wrote:
> ok my bad, I assumed a full scan from nessus would give off some red flags
> because it's so loud and I'm switching from snort "which would alert to things
> like nessus scans" to ossec. thanks for helping me see the light.
>
You don't have to
ok my bad, I assumed a full scan from nessus would give off some red flags
because it's so loud and I'm switching from snort "which would alert to
things like nessus scans" to ossec. thanks for helping me see the light.
On Tue, Oct 2, 2012 at 10:07 AM, Kat wrote:
> Scanning does not necessarily pr
On Tue, Oct 2, 2012 at 11:11 AM, Michael Barrett
wrote:
>
>
> I am getting this message now.
>
>
>
You realize you could have copied and pasted that, right? And that
exposing your key is a bad thing?
You could start by making sure the agent has the correct key. Has the
agent ever worked properly?
I am getting this message now.
T
Scanning does not necessarily provide a "blip". Do you have any kind of
tool logging scans or are you doing something beyond an nmap scan, such as
brute force login attempts? Something has to create a log entry for OSSEC to
see. Based on what you are saying - is there any kind of entry in any of
On Tue, Oct 2, 2012 at 11:00 AM, Tom Hangstin wrote:
> Well the agents are on Windows 7 machines which I think just monitor win
> event log and like I said nothing gets reported to the server. Does ossec
> not detect scans?
>
I think you're asking the question. You should be asking yourself
"What
Well the agents are on Windows 7 machines which I think just monitor win
event log and like I said nothing gets reported to the server. Does ossec
not detect scans?
On Tue, Oct 2, 2012 at 9:43 AM, dan (ddp) wrote:
> On Tue, Oct 2, 2012 at 10:38 AM, Tom Hangstin
> wrote:
> > So i have a ossec se
On Tue, Oct 2, 2012 at 10:38 AM, Tom Hangstin wrote:
> So I have an ossec server up and a few agents out there, but when I scan an
> agent system with nessus or nmap I don't get any emails or even a blip on the
> server. I'm using 2.7 b1 and OSWUI. Am I doing something wrong?
Maybe, you don't really g
So I have an ossec server up and a few agents out there, but when I scan an
agent system with nessus or nmap I don't get any emails or even a blip on
the server. I'm using 2.7 b1 and OSWUI. Am I doing something wrong?
On Tue, Oct 2, 2012 at 10:30 AM, Michael Barrett
wrote:
>
> Is there a way to configure agent-auth to use the IP address of the agent
> instead of ANY?
>
>
Change the code. There's work being done on this. I can't remember if
it made it into 2.7 or not (what's in and what's out keeps
changing...)
On Tue, Oct 2, 2012 at 10:31 AM, Michael Barrett
wrote:
>
> Is there a plan to offer this on the Windows platform?
I thought Windows support was already available. I know the code went
in to support this, but that's as far as I cared to look into it.
> ___
Is there a plan to offer this on the Windows platform?
Is there a way to configure agent-auth to use the IP address of the agent
instead of ANY?
[root@arbuckle bin]# /var/ossec/bin/agent-auth -m 144.122.190.48 -p 1515
2012/10/02 09:28:41 ossec-authd: INFO: Started (pid: 7472).
INFO: Connected to 144.122.190.48:1515
INFO: Using agent name as: arbuck