really like to have it included.
I am also planning on switching to wazuh for ossec-hid, would I submit a
get request to ossec or wazuh?
Regards,
Dennis
--
Dennis Golden
Golden Consulting Services, Inc.
to ONLY accept the key and NOT the password?
so I'm pretty sure it can be done.
You could trigger for Accepted password with a higher alert level.
Or you can get fancy and fulfill your second requirement - by grouping
on the user names that are only logging in thru ssh keys.
0k
--
Dennis
in
/etc/php5/apache2/php.ini.
My system is openSUSE.
Regards,
Dennis
--
Dennis Golden
Golden Consulting Services, Inc.
overwrite="yes">
<if_sid>13100</if_sid>
<match>Transport endpoint is not connected</match>
<description>Samba network problems.</description>
</rule>
</group> <!-- syslog,smbd -->
Regards,
Dennis
--
Dennis Golden
Golden Consulting Services, Inc.
I am upgrading to a new system and looking at the default useradd
command it is creating the ossec users in user space. Shouldn't this be
using the -r option to install in system user space?
Regards,
Dennis
--
Dennis Golden
Golden Consulting Services, Inc.
snip
--
Dennis Golden
Golden Consulting Services, Inc.
dan (ddp) wrote:
On Thu, Jan 21, 2010 at 11:14 AM, Dennis Golden
dgol...@golden-consulting.com wrote:
I have discovered a serious problem with the subject rules. Here is the
result running ossec-logtest:
--
Dennis Golden
2010/01/21 09:49:16 ossec-testrule: INFO: Started (pid: 20196
--[ UxBoD ]-- wrote:
- Dennis Golden dgol...@golden-consulting.com wrote:
I have discovered a serious problem with the subject rules. Here is
the result running ossec-logtest:
--
Dennis Golden
2010/01/21 09:49:16 ossec-testrule: INFO: Started (pid: 20196).
ossec-testrule: Type one
lookup error (bad ISP or attack).'
**Alert to be generated.
Needless to say that if active response tries to use the address that has
already failed it will also fail; therefore, the attack can continue forever.
Dennis
--
Golden Consulting Services, Inc.
Thanks,
--
Daniel B. Cid
Thanks Daniel,
I installed the snapshot and tested. I had to let it run for a while to
make sure it looked okay.
Looks good,
Dennis
On Tue, Mar 3, 2009 at 5:29 PM, Dennis Golden
dgol...@golden-consulting.com wrote:
Bruce Martins wrote:
Yeah I don't see an option
decoding.
No decoder matched.
TIA,
Dennis
--
Dennis Golden
Golden Consulting Services, Inc.
ignores that. I'm sure that there must be other chroot
programs that might do this.
BTW, there are hundreds of these. Any advice will be appreciated. I'm
using ossec 2.0 on openSUSE 11.0.
Dennis
--
Dennis Golden
Golden Consulting Services, Inc.
removed...],[EMAIL PROTECTED],
Message-ID: [EMAIL PROTECTED], mail_id:
tQIdkHApsika, Hits: -2.599, queued_as: 8E4321AA5D6/B77871AA5D8, 575 ms
I occasionally get these also. I haven't really looked into it though.
Dennis
--
Dennis Golden
Golden Consulting Services, Inc.
the ability to attach
log files there, so I am attaching them here.
Ossec was started at 10:53 and I saved the logs about 13:35. You will see that
the only thing logged from that time on was the startup. See bug 163 for the
rest of the information.
I have gone back to 1.4.
Regards,
Dennis
--
Dennis