Just a crazy idea, run an small linux distribution inside a virtual
machine on the kiosk or the Windows system inside the VM.
Cheers.
El 18/02/14 18:53, James M. Pulver escribió:
>
> Ossec is unlikely to help as it needs a Linux server to do anything.
>
>
>
> --
>
> James Pulver
>
> CLASSE Comp
Hi Dan,
How do I do that?
On Tuesday, February 18, 2014 2:29:12 PM UTC-5, dan (ddpbsd) wrote:
>
> On Tue, Feb 18, 2014 at 2:22 PM, Nick Bruno >
> wrote:
> > Hello,
> >
> > I am looking to get the ossec-authd to work with the following:
> >
> > /var/ossec/bin/ossec-authd -p 1515. I am using
On Feb 19, 2014 7:00 AM, "Nick Bruno" wrote:
>
> Hi Dan,
>
> How do I do that?
>
Download, unzip, and untar the source. Run install.sh. follow the prompts.
> On Tuesday, February 18, 2014 2:29:12 PM UTC-5, dan (ddpbsd) wrote:
>>
>> On Tue, Feb 18, 2014 at 2:22 PM, Nick Bruno wrote:
>> > Hello,
Hello,
I am looking at the email alerting option.
I've looked at the thread
at https://groups.google.com/forum/#!topic/ossec-list/Q55ZGg6tfj0 but I am
not sure how to fix the following:
- send all alerts from level =>15
- send to u...@domain.com
All other alerts should not be mailed.
As I un
On Wed, Feb 19, 2014 at 7:21 AM, Michiel van Es wrote:
> Hello,
>
> I am looking at the email alerting option.
> I've looked at the thread at
> https://groups.google.com/forum/#!topic/ossec-list/Q55ZGg6tfj0 but I am not
> sure how to fix the following:
>
> - send all alerts from level =>15
> - se
Op woensdag 19 februari 2014 13:50:47 UTC+1 schreef dan (ddpbsd):
>
> On Wed, Feb 19, 2014 at 7:21 AM, Michiel van Es
> >
> wrote:
> > Hello,
> >
> > I am looking at the email alerting option.
> > I've looked at the thread at
> > https://groups.google.com/forum/#!topic/ossec-list/Q55ZGg6tf
We are currently using OSSEC as our FIM solution. We are wanting to
migrate that functionality off to Bit9. As such I will need to do an
uninstall of the agent from 400+ computers. Is there a silent uninstall
option for the OSSEC agent? Running uninstall.exe /? Simply just starts
the ver
On Sat, Feb 15, 2014 at 2:09 AM, Ryan Schulze wrote:
>
> I believe the file you are looking for is "etc/preloaded-vars.conf", just
> fill out all the "answers" to the questions in that file and install.sh
> won't ask for them.
>
That is correct, and the documentation for this is being worked on.
On Tue, Feb 18, 2014 at 2:29 AM, David Montgomery
wrote:
>
>
> I have server installed and one agent. I am on Ubuntu 12.04
>
> I have agent and server started.
>
> ports 1515 and 1514 are open
> on the server ran /var/ossec/bin/ossec-authd -p 1515 >/dev/null 2>&1 & and
> have sskmanager keys inst
On Tue, Feb 18, 2014 at 6:57 AM, Leonel Algaré wrote:
> Hi guys,
>
> I have a question:
>
> how often the /var/ossec/etc/shared folder gets replicated?
You can check the source to try and figure it out. I'm not sure where
to look off hand.
> Which is the best way to force the replication in ALL
i'd like to put an ossec agent on one of my web servers but i don't want it
to take action on anything just yet ... i'd like to have it report what it
would have done so i know what to expect when i install it.
is that possible?
--
---
You received this message because you are subscribed to
On Wed, Feb 19, 2014 at 9:12 AM, Thomas Moretto wrote:
> i'd like to put an ossec agent on one of my web servers but i don't want it
> to take action on anything just yet ... i'd like to have it report what it
> would have done so i know what to expect when i install it.
>
> is that possible?
>
Y
dan, thanks for the quick response. i was trying to stay away from changing
scripts, but if that's the only way it's done then so be it. :)
thanks again.
tom
> Date: Wed, 19 Feb 2014 09:18:25 -0500
> Subject: Re: [ossec-list] can i set OSSEC to report only?
> From: ddp...@gmail.com
> To: oss
Dear Dan,
Under both the config files how should I decide if realtime
option with syscheck is on ? Please advice which is better?
Regards,
Frwa.
On Tuesday, February 18, 2014 12:10:42 AM UTC+8, dan (ddpbsd) wrote:
>
> On Mon, Feb 17, 2014 at 11:04 AM, frwa onto >
> wrote:
> > D
On Wed, Feb 19, 2014 at 10:27 AM, frwa onto wrote:
> Dear Dan,
> Under both the config files how should I decide if realtime
> option with syscheck is on ? Please advice which is better?
>
Look for the realtime option in the statements:
http://ossec.net/doc/syntax/head_ossec_confi
Making sure that all code in OSSEC compiles and runs on all Unixes is
hard, and limiting. I would like to support the Manager only on Modern
Unixes:
- Recent versions of BSD's
- Recent versions of Darwin
- Recent versions of Linux
This proposal is only for the manager. The agent should run on
It is extremely important that you don't define "Recent Versions of Linux" as
the last 2 versions of Ubuntu or Fedora. It should be more like the last 2
versions of Debian Stable or RHEL...
--
James Pulver
CLASSE Computer Group
Cornell University
-Original Message-
From: ossec-list@goo
On Wed, Feb 19, 2014 at 11:03 AM, Jeremy Rossi wrote:
> Making sure that all code in OSSEC compiles and runs on all Unixes is
> hard, and limiting. I would like to support the Manager only on Modern
> Unixes:
>
> - Recent versions of BSD's
> - Recent versions of Darwin
> - Recent versions of Linu
I would think that as long as the code is POSIX compliant it would
build on any system following that standard, which is nearly all
modern UNIX system.
--
Later,
Darin
On Wed, Feb 19, 2014 at 11:03 AM, Jeremy Rossi wrote:
> Making sure that all code in OSSEC compiles and runs on all Unixes is
>
Also, perhaps moving to a build system like GNU autotools or CMake and
away from the existing cludgy make system would make building ossec
more portable. As someone who builds and maintains lots of packages,
generating packages for ossec was not straight forward and took a lot
of time to get right,
On Wed, Feb 19, 2014 at 11:11 AM, Darin Perusich wrote:
> I would think that as long as the code is POSIX compliant it would
> build on any system following that standard, which is nearly all
> modern UNIX system.
> --
I haven't tested our code for posix compliance, but I do know niche
systems li
On Wed, Feb 19, 2014 at 11:54 AM, Darin Perusich wrote:
> Also, perhaps moving to a build system like GNU autotools or CMake and
> away from the existing cludgy make system would make building ossec
> more portable. As someone who builds and maintains lots of packages,
> generating packages for os
On Wed, Feb 19, 2014 at 11:56 AM, dan (ddp) wrote:
> On Wed, Feb 19, 2014 at 11:54 AM, Darin Perusich wrote:
>> Also, perhaps moving to a build system like GNU autotools or CMake and
>> away from the existing cludgy make system would make building ossec
>> more portable. As someone who builds and
I wish :) not that simple and a lot of great libraries are writen on and for
linux/Mac osx. Hpux and Solaris are after thoughts.
Sent from my iPhone
> On Feb 19, 2014, at 11:17 AM, "Darin Perusich" wrote:
>
> I would think that as long as the code is POSIX compliant it would
> build on any s
I was thinking just about anything in the last 3 years on linux. Linux I think
would be easy.
Sent from my iPhone
> On Feb 19, 2014, at 11:10 AM, "James M. Pulver" wrote:
>
> It is extremely important that you don't define "Recent Versions of Linux" as
> the last 2 versions of Ubuntu or Fe
Sent from my iPhone
> On Feb 19, 2014, at 11:55 AM, "Darin Perusich" wrote:
>
> Also, perhaps moving to a build system like GNU autotools or CMake and
> away from the existing cludgy make system would make building ossec
> more portable.
I think we can pull this out into another thread. I am
Sent from my iPhone
> On Feb 19, 2014, at 11:59 AM, "dan (ddp)" wrote:
>
>> On Wed, Feb 19, 2014 at 11:11 AM, Darin Perusich wrote:
>> I would think that as long as the code is POSIX compliant it would
>> build on any system following that standard, which is nearly all
>> modern UNIX system.
On Wed, Feb 19, 2014 at 12:20 PM, Jeremy Rossi wrote:
>
>
> Sent from my iPhone
>
>> On Feb 19, 2014, at 11:59 AM, "dan (ddp)" wrote:
>>
>>> On Wed, Feb 19, 2014 at 11:11 AM, Darin Perusich wrote:
>>> I would think that as long as the code is POSIX compliant it would
>>> build on any system foll
Sent from my iPhone
> On Feb 19, 2014, at 12:23 PM, "dan (ddp)" wrote:
>
>> On Wed, Feb 19, 2014 at 12:20 PM, Jeremy Rossi
>> wrote:
>>
>>
>> Sent from my iPhone
>>
On Feb 19, 2014, at 11:59 AM, "dan (ddp)" wrote:
On Wed, Feb 19, 2014 at 11:11 AM, Darin Perusich wrote:
>
hi
i have a centos which i installed the agent... i just want to monitor if
there is a change to the file /etc/passwd how I do it
this is the contect of the file ossec.conf on the agent:
cat ossec.conf
obexch02.mre.corp
10.10.8.128
7
8
yes
xxx...@xxx
On Wed, Feb 19, 2014 at 12:49 PM, marco cohen wrote:
> hi
>
> i have a centos which i installed the agent... i just want to monitor if
> there is a change to the file /etc/passwd how I do it
>
> this is the contect of the file ossec.conf on the agent:
>
> cat ossec.conf
> obexch02.mre.co
On 02/19/2014 11:17 AM, Jeremy Rossi wrote:
I was thinking just about anything in the last 3 years on linux. Linux I think
would be easy.
Honestly, that's not nearly enough for enterprises. It has to be five
years minimum. That's not to say that at some point OSSEC can't bring in
extra depe
On 02/19/2014 10:59 AM, dan (ddp) wrote:
I haven't tested our code for posix compliance, but I do know niche
systems like hpux, solaris, and aix have been issues over the years.
Dropping official support for those systems frees up resources, and
keeps us from having to wonder if every change we m
On Feb 19, 2014 10:08 PM, "Michael Starks"
wrote:
>
> On 02/19/2014 10:59 AM, dan (ddp) wrote:
>>
>> I haven't tested our code for posix compliance, but I do know niche
>> systems like hpux, solaris, and aix have been issues over the years.
>> Dropping official support for those systems frees up r
34 matches
Mail list logo