Hello,
We have installed OSSEC 2.7 on a CentOS machine which is working fine with
several Windows and Linux agents.
We are trying to install the OSSEC 2.7 agent package on a Windows 2008
server which goes well but at the end, after the manual agent config (IP and
secret) and restarting of the
From the server have you verified that the Windows agent is actually
connecting to the server via tcpdump? tcpdump -i eth0 'host agent IP and udp'
You can also verify the same thing from the Windows agent using Wireshark using
'ip.addr == server IP'
If you don't see anything check to see what
I will test that but besides the fact if it is really connecting or not,
why would the agent report that it is connected to the server then?
On Wednesday, April 17, 2013 12:50:47 UTC+2, Nathaniel Bentzinger wrote:
From the server have you verified that the Windows agent is
On Wed, Apr 17, 2013 at 6:27 AM, Michiel van Es vanesmich...@gmail.com wrote:
Hello,
We have installed OSSEC 2.7 on a CentOS machine which is working fine with
several Windows and Linux agents.
We are trying to install the OSSEC 2.7 agent package on a Windows 2008
server which goes well but
On Tue, Apr 16, 2013 at 1:13 PM, Jake Johns johns...@gmail.com wrote:
Super old code?
Does this mean it's not advisable to use?
I've been advising against using it for a long time now. There is
slightly better code in https://bitbucket.org/jbcheng/ossec-wui
If it is usable, shouldn't that
I've found that checksum modification starts with file
/etc/alternatives/mozilla-flashplugin and ends with /bin/rbash.
Such order is the same on all hosts.
Mozilla is the cause? Which way?
-/bin/rbash
File: /bin/rbash
Agent: dbi-726-14x
Modification time: 2013 Apr 16 11:03:37
-/bin/bash
On Wednesday, April 17, 2013 15:19:38 UTC+2, dan (ddpbsd) wrote:
On Wed, Apr 17, 2013 at 6:27 AM, Michiel van Es vanesm...@gmail.com wrote:
Hello,
We have installed OSSEC 2.7 on a CentOS machine which is working fine with
several Windows and Linux
Guys/Dan,
I have this custom encoder rules running for cmd5checkpw and it seems to
be working well.
Of course, now I have another brute force attack going on that OSSEC
doesn't seem to be catching:
Apr 17 07:00:33 clients15 smtp_auth: FAILED: rob...@redacted.com - password
incorrect from
I should start charging for the basic stuff.
On Wed, Apr 17, 2013 at 10:37 AM, Nick nickv...@gmail.com wrote:
Guys/Dan,
I have this custom encoder rules running for cmd5checkpw and it seems to
be working well.
Of course, now I have another brute force attack going on that OSSEC doesn't
On Wed, Apr 17, 2013 at 10:39 AM, Michiel van Es vanesmich...@gmail.com wrote:
On Wednesday, April 17, 2013 15:44:03 UTC+2, Michiel van Es wrote:
On Wednesday, April 17, 2013 15:19:38 UTC+2, dan (ddpbsd) wrote:
On Wed, Apr 17, 2013 at 6:27 AM, Michiel van Es
If it's not recommended for use due to lack of development, shouldn't
it be removed?
What if someone wants to work on it? Lots (for some value of lots) of
people seem interested in it, but maybe one day someone will step up
and do more work on it. Some people have fixed some of the
On Wednesday, April 17, 2013 17:08:48 UTC+2, dan (ddpbsd) wrote:
On Wed, Apr 17, 2013 at 10:39 AM, Michiel van Es vanesm...@gmail.com wrote:
On Wednesday, April 17, 2013 15:44:03 UTC+2, Michiel van Es wrote:
On Wednesday, April 17, 2013
On Wed, Apr 17, 2013 at 11:46 AM, Michiel van Es vanesmich...@gmail.com wrote:
On Wednesday, April 17, 2013 17:08:48 UTC+2, dan (ddpbsd) wrote:
On Wed, Apr 17, 2013 at 10:39 AM, Michiel van Es vanesm...@gmail.com wrote:
On Wednesday, April 17, 2013 15:44:03 UTC+2,
Hello,
I am currently running ossec 2.5.1 and will be upgrading to 2.7 in the next
few months. The ossec server was first installed with the database enabled
from the steps on the wiki walk-through. It has been running fine, but the
database has never been used and I would like to remove that
On Wed, Apr 17, 2013 at 12:36 PM, w3ndtr w3n...@gmail.com wrote:
Hello,
I am currently running ossec 2.5.1 and will be upgrading to 2.7 in the next
few months. The ossec server was first installed with the database enabled
from the steps on the wiki walk-through. It has been running fine,
The check's in the mail Dan!
No seriously, thanks very much for your help.
-Nick
On Wednesday, April 17, 2013 8:59:35 AM UTC-6, dan (ddpbsd) wrote:
I should start charging for the basic stuff.
On Wed, Apr 17, 2013 at 10:37 AM, Nick nick...@gmail.com wrote:
Guys/Dan,