If you still follow this list, can you post your rules to do this? This
isn't working for me, but I've been doing this:
/home
Anyone have an idea?
Thanks,
Rick
On Friday, March 9, 2012 at 5:27:29 AM UTC-8, Michael Zoet wrote:
>
> Hi dan,
>
> > Syscheck /home/*/.ssh, and write a rule to igno
@Michael Thanks for those last two questions. I was banging my head
against the wall wondering why I wasn't getting the alerts. Then I checked
#2. Turns out I'd set mail alert level to '9' to cut down on messages.
Oops! But at least your help lives on. :-)
On Friday, July 26, 2013 at 10:
Hi, Andrew!
I have never used ElasticHQ and always make queries with curl from the command
line((
But I'll test ElasticHQ when I have enough time.
Tue, Apr 21, 2015 at 12:27, :
> Hi,
> thanks for fixing a bug. I have other question, maybe you would be able to
> help me, this is my post
> https://group
Hi All,
I have been doing some googling and I hope .. or at least I hoped that my
skillz would have been up for the task .. .however ... I am struggling to
get ossec to read my "custom" rules.
I have in /var/ossec/etc/rules.d/local_rules.xml that looks as follows:
cat /var/ossec/etc/rule
Hello,
I was reading the list and looking at the code of report.c to try to find
one option to my question, but, today is not my day !!! :-D
my idea is to generate a very small report that only contains one section
of "top entry", for example:
**
On Wed, Apr 22, 2015 at 1:25 PM, Victor Hugo dos Santos
wrote:
> Hello,
>
> I was reading the list and looking at the code of report.c to try to find
> one option to my question, but, today is not my day !!! :-D
>
> my idea is to generate a very small report that only contains one section
> of "top entry
Thank you Dan!
On Wednesday, April 22, 2015 at 6:44:44 AM UTC-7, dan (ddpbsd) wrote:
>
> On Wed, Apr 22, 2015 at 12:31 AM, 'RAM190E' via ossec-list
> > wrote:
> > Hello,
> >
> > Please help explain why ssh_integrity_check_linux runs and
> ssh_generic_diff
> > runs almost every 8-9 hrs or so
You're a genius!!! It somehow appears that the owner for these files (and
the parent folder) was ossec while the remote agent was running as ossecr.
As soon as I changed the permissions the agents show as active.
THANK YOU!
On Wednesday, April 22, 2015 at 7:51:18 AM UTC-6, dan (ddpbsd) wrote:
>
On Tue, Apr 21, 2015 at 6:31 PM, Colin Bruce wrote:
> No it never appears in the alerts.log when I create or indeed do anything to
> the directory I am scanning on the windows client. It seems to work when I put
> something in the directory I am scanning on the Ossec server itself so I
> imagine i
What I'm trying to do is run the agentless scripts (ssh_integrity_check_linux
runs and ssh_generic_diff) every 3 & 5 mins. But it seems to still run
every 8 or 9 hrs regardless if you change syscheck frequency to also 5 mins.
Did I miss a config somewhere?
Thanks,
Ram
On Wed, Apr 22, 2015 at 12:31 AM, 'RAM190E' via ossec-list
wrote:
> Hello,
>
> Please help explain why ssh_integrity_check_linux runs and ssh_generic_diff
> runs almost every 8-9 hrs or so. Even if the frequency is set to 180 and
> 300 in ossec.conf?
>
The syscheck frequency should not affect th
On Tue, Apr 21, 2015 at 6:44 PM, Dan Mackin wrote:
> So all of my agents were already added and working at one point. I recently
> removed one and re-added it with a different ID using the process you
> describe. Restarted both agent and server. In /var/ossec/logs/ossec.log I
> see that it's conne
On Tue, Apr 21, 2015 at 11:15 PM, gaucmuxb wrote:
> Thanks Brent and Mauricio for getting back to me. Your thoughts and comments
> are really helpful.
>
> Brent, you asked what events I would like to monitor in #3. I want to know
> if there is a hacker trying to get into my environment or has succ
Hello,
Please help explain why ssh_integrity_check_linux runs and ssh_generic_diff
runs almost every 8-9 hrs or so. Even if the frequency is set to 180 and 300
in ossec.conf?
Thank you in advance!!
Regards, Ram
OSSEC.CONF:
300
ssh_integrity_check_linux
180 ossec@1.
14 matches