On Thu, 20 Oct 2011 15:02:11 -0300 Daniel Cid wrote:
> I do this often, but I always have a firewall rule only allowing
> certain IP addresses
> to access it. In that case, even if there is ever a bug on OSSEC it
> will be very limited
> externally.
I might do that.. however I realized that in t
I've been using OSSEC for a while internally however I have a need to allow a
remote system to talk with my local OSSEC server.
Presumably due to the agent setup this should be plenty secure (obvious caveat
about bugs and the like applies, make sure to keep up with patches, etc).
Anything I sho
On Wed, 19 Jan 2011 11:22:48 +0800 seekuel wrote:
> Hi,
>
> May I ask if there is a level we can configure ossec? say:
>
> level1 - moderate
> level2 - Strict
> level3 - paranoid
>
> Since we experience a scenario that the server is used as hosting and
> domains that are already expired will sti
On Tue, 20 Jul 2010 07:11:20 -0700 (PDT) Timothy wrote:
> I have ossec installed on a wide variety of machines, mostly windows,
> but some linux. I am using the web user interface and for some reason
> I am getting a huge number of php errors with listings of deprecated
> functions, I need to fix
On Thu, 15 Jul 2010 11:46:47 -0400 Tyler Ross wrote:
> Hello,
>
> I am wanting to use OSSEC policy monitoring for auditing Windows
> 2003/2008 servers that should be baselined to CIS. Initially, I am
> trying to verify and monitor Windows Audit policies, specifically
> *Audit Logon Events*. I h
On Thu, 20 May 2010 12:39:32 -0600 "Swartz, Patrick H"
wrote:
> Hi All,
>
> Can someone please point in the right direction with the proper use of
> the tag.
>
> Is there any difference in using:
>
> blah | blah1 | blah2
>
> Versus:
>
> blah
> blah1
> blah2
>
So, I've got this rule:
550,551,552
Services
Enum|BITS
Ignoring innocuous registry changes
However it fails to catch this:
Rule: 552 fired (level 7) -> "Integrity checksum changed again (3rd time)."
Portion of the log(s):
Integrity checksum changed for:
'HKEY_LOCAL_MACHINE\System\CurrentCo
On Wed, 19 May 2010 12:22:00 -0400 Jimi Schwar
wrote:
> I'm having the same problem. But it doesn't happen for all messages.
> Some have 4 of the same, some have 7. If this continues I'll have to
> try to unsubscribe and then subscribe again.
Same thing here, and I seem to get duplicates over
On Tue, 18 May 2010 09:14:51 -0500 Michael Starks
wrote:
>
> On Tue, 18 May 2010 08:55:47 -0400, B/K Walker
> wrote:
> > Here's an example, I get smart HDD test syslog events from my NAS
> > box:
> >
> > Received From: fatty->/var/log/messages
On Tue, 18 May 2010 10:51:36 -0400 "dan (ddp)" wrote:
> On Tue, May 18, 2010 at 8:55 AM, B/K Walker wrote:
> > I've been struggling with cleaning up the notifications from ossec,
> > I've had some success but for whatever reason I can't seem to get a
>
On Tue, 18 May 2010 07:28:20 -0400 William Montgomery
wrote:
> B/K Walker wrote:
> > I'm getting 4 (maybe more) copies of every post, each with a
> > different return-path and envelope-from headers (some sort of id
> > used by google groups).
> >
> > This i
't have a
google account of any sort.
>
> On Mon, May 17, 2010 at 11:05 PM, B/K Walker wrote:
> > I'm getting 4 (maybe more) copies of every post, each with a
> > different return-path and envelope-from headers (some sort of id
> > used by google groups)..
>
I've been struggling with cleaning up the notifications from ossec, I've had
some success but for whatever reason I can't seem to get a grip on it
completely.
I've got several rules in local_rules.xml that filter out unimportant stuff
(windows really likes to twiddle registry keys, in particula
I'm getting 4 (maybe more) copies of every post, each with a different
return-path and envelope-from headers (some sort of id used by google groups).
This is the first googlegroup I've signed up for, I'm on dozens of other lists
and never have seen this kind of behaviour.
--
If you write some