[ossec-list] Ossec compatibility with Redhat

2014-07-16 Thread Amritha Kumar
Hi, One of my customers has installed Ossec on a RedHat server RHEL 5.4. Now this server needs to be patched as per PCIDSS requirements. The current RedHat OS version is RHEL 5.4; once patched the version will be 5.10. Please let us know if Ossec v2.6 is compatible with RHEL 5.10. Thanks & R

Re: [ossec-list] Ossec compatibility with Redhat

2014-07-16 Thread Eero Volotinen
2014-07-16 10:35 GMT+03:00 Amritha Kumar: > Hi, > > One of my customers has installed Ossec on a RedHat server RHEL 5.4. Now > this server needs to be patched as per PCIDSS requirements. The current RedHat > OS version is RHEL 5.4; once patched the version will be 5.10. Please let > us know if Ossec

Re: [ossec-list] Ossec compatibility with Redhat

2014-07-16 Thread dan (ddp)
On Wed, Jul 16, 2014 at 3:35 AM, Amritha Kumar wrote: > Hi, > > One of my customers has installed Ossec on a RedHat server RHEL 5.4. Now this > server needs to be patched as per PCIDSS requirements. The current RedHat OS > version is RHEL 5.4; once patched the version will be 5.10. Please let us > kno

Re: [ossec-list] Is it not possible to do an unattended second install of OSSEC on a system?

2014-07-16 Thread dan (ddp)
On Tue, Jul 15, 2014 at 7:24 PM, Garett Shulman wrote: > Hello, > > I am trying to do an unattended install of a second instance of OSSEC on an > Ubuntu system. > > I'm trying to modify etc/preloaded-vars.conf based on > http://ossec-docs.readthedocs.org/en/latest/manual/installation/install-sourc

[ossec-list] Having to restart ossec server on a daily basis for clients to report.

2014-07-16 Thread Nick Souza
Am facing an issue of having to restart ossec server on a daily basis for clients to report. If not they all show as inactive. As soon as I run the restart command on the server the agents start to report. Am using ossec 2.6. Has anyone faced this problem? Any help would be appreciated.

Re: [ossec-list] Having to restart ossec server on a daily basis for clients to report.

2014-07-16 Thread dan (ddp)
On Wed, Jul 16, 2014 at 8:55 AM, Nick Souza wrote: > Am facing an issue of having to restart ossec server on a daily basis for > clients to report. If not they all show as inactive. As soon as I run the > restart command on the server the agents start to report. Am using ossec > 2.6. Has anyone fa

Re: [ossec-list] Is it not possible to do an unattended second install of OSSEC on a system?

2014-07-16 Thread Garett Shulman
While reviewing the implementation of install.sh I discovered USER_CLEANINSTALL which does not appear to be documented at http://ossec-docs.readthedocs.org/en/latest/manual/installation/install-source-unattended.html. Adding USER_CLEANINSTALL="y" to etc/preloaded-vars.conf did the trick. Than

[ossec-list] Re: Report changes not working?

2014-07-16 Thread Steven Ho
It works locally on the server itself, but not on remote agents. Any help would be greatly appreciated. On Monday, July 14, 2014 6:29:04 PM UTC-7, Steven Ho wrote: > > Hi, > > > > I’ve just installed ossec 2.7.1 and am trying to get Ossec to send the > actual contents of what changed in a fil

[ossec-list] trend-osce_rules

2014-07-16 Thread Scott Mace
I've hashed together a new decoder and rules file for the "new" Trend Micro Office Scan logging to Windows Event Logs. I don't quite have all the result codes in there, but it's a start. Appreciate any comments, suggestions. I'm using Ossec in AlienVault, so I'll be doing some correlation as

[ossec-list] Tuning Rule 18152

2014-07-16 Thread Lance A. Brown
I have a request to tune the output of Rule 18152: Multiple Windows Logon Failures. They would like: 1. More than 5 failed logins to a single user should be identified so we can act on it. 2. More than 10 failed logins to a single device for any user be identified so we can act on it. 3. All