Re: [ossec-list] timeout - ossec-agentlessd: ERROR: ssh_generic_diff: ossec

2017-03-16 Thread Eduardo Reichert Figueiredo
Hello Dan, I try to connect to my agentless, but I don't have success.
#su -s ossec -s /bin/bash -c 'cd /var/ossec && expect agentless/ssh_generic_diff user_ossec@SERVIDOR-01 ls -lt'
spawn ssh user_ossec@SERVIDOR-01
user_ossec@SERVIDOR-01's password:
ERROR: Public key authentication failed to host:

Re: [ossec-list] timeout - ossec-agentlessd: ERROR: ssh_generic_diff: ossec

2017-03-16 Thread Eduardo Reichert Figueiredo
Hi Dan, I have success when I run this command below.
# su ossec -s /bin/bash -c 'cd /var/ossec && expect agentless/ssh_generic_diff user_ossec@SERVIDOR-01 ls -lah'
Connection to SERVIDOR-01 closed.
INFO: Finished.
This log error in first post is only "expect" don't run this command?
Em quart

Re: [ossec-list] Drop IP on all agents

2017-03-16 Thread Martin
Hello, Thank you for your answer. I modified the Active-Response in the file /var/ossec/etc/ossec.conf to look like this; host-deny all 6 600 firewall-drop all 6 600 Then I added the following in /var/ossec/rules/local_rules.xml

Re: [ossec-list] OSSEC alerts on syslog

2017-03-16 Thread ehollis3942
Here is the output:
udp0 0 0.0.0.0:514 0.0.0.0:* 21090/syslog-ng
This is the only instance...
On Wednesday, March 15, 2017 at 2:41:58 PM UTC-4, dan (ddpbsd) wrote:
>
> On Tue, Mar 14, 2017 at 3:37 PM,
> > wrote:
> > Hello, yes:
> >
> > ro

Re: [ossec-list] OSSEC alerts on syslog

2017-03-16 Thread dan (ddp)
On Thu, Mar 16, 2017 at 11:33 AM, wrote:
> Here is the output:
>
> udp0 0 0.0.0.0:514 0.0.0.0:*
> 21090/syslog-ng
>
So syslog-ng is listening for incoming messages. You'll have to figure out what syslog-ng is doing with the log messages.
> This is the only instance...
>

Re: [ossec-list] Drop IP on all agents

2017-03-16 Thread dan (ddp)
On Thu, Mar 16, 2017 at 7:11 AM, Martin wrote:
> Hello,
>
> Thank you for your answer.
>
> I modified the Active-Response in the file /var/ossec/etc/ossec.conf to look
> like this;
>
>
>
>
> host-deny
> all
> 6
> 600
>
>
>
>
>
> firewall-drop
> all
>

Re: [ossec-list] timeout - ossec-agentlessd: ERROR: ssh_generic_diff: ossec

2017-03-16 Thread dan (ddp)
On Thu, Mar 16, 2017 at 6:44 AM, Eduardo Reichert Figueiredo wrote:
> Hi Dan, I have success when I run this command below.
>
> # su ossec -s /bin/bash -c 'cd /var/ossec && expect
> agentless/ssh_generic_diff user_ossec@SERVIDOR-01 ls -lah'
> Connection to SERVIDOR-01 closed.
> INFO: Finished.
>
>