On Wed, Jul 1, 2015 at 2:15 PM, Sean Fagan seanfaga...@gmail.com wrote:
Hi there,
New to OSSEC and I am trying to use Drupal and ModSecurity rule sets but the
logs alerts keep coming up as syslog alerts and I keep getting an Alert
Level: 2; Rule: 1002 Unknown problem somewhere in the system.
Alert Level: 7; Rule: 104150 - Drupal access denied error (permissions
rejected).; Location: (proxy01) xxx.xxx.xxx.xxx
-/var/log/httpd/www.xxx-error_log; [Mon Jun 29 13:54:44.413481 2015]
[:error] [pid 1075] [client 54.176.229.159] ModSecurity: Access denied with
code 403 (phase 2). Operator
Hi there,
New to OSSEC and I am trying to use Drupal and ModSecurity rule sets but the
logs alerts keep coming up as syslog alerts and I keep getting an Alert
Level: 2; Rule: 1002 Unknown problem somewhere in the system. Drupal rules
are also picking up ModSecurity logs and reporting them as
Field 7 passed to an AR command is supposed to be file.
Triggering off of rule 550 (syscheck file integrity changed) and logging
arguments 1 through 7, I would expect argument 7 to show the file that changed.
Instead I see this:
add - - 1435510407.21426431 550 (foo.our.com)
good idea for a test
- Original message -
From: LostInTheTubez lostinthetu...@gmail.com
To: ossec-list@googlegroups.com
Sent: Tuesday, June 30, 2015 21:57:43
Subject: RE: [ossec-list] AR command executing when it should not be
Could you add a custom rule to achieve what you’re looking for?
Hi
David Montgomery, what about ossec server?
child.expect ('1- What kind of installation do you want (server, agent, local, hybrid or help)*')
child.sendline ('server')
below pexpect is not working.
Thank you
Nandaraj
On Wed, Jul 1, 2015 at 2:32 PM, Sean Fagan seanfaga...@gmail.com wrote:
Alert Level: 7; Rule: 104150 - Drupal access denied error (permissions
rejected).; Location: (proxy01) xxx.xxx.xxx.xxx
-/var/log/httpd/www.xxx-error_log; [Mon Jun 29 13:54:44.413481 2015]
[:error] [pid 1075] [client
On 07/01/2015 04:50 PM, Jon Price wrote:
I've had ~1000 agents connected to a single ossec server for the past 18
months. About ~2 months ago agents started dropping like flies.
I noticed many lines in the client.keys on the server have been replaced
with #*#*#*#*#*#*#. I believe this is