Re: [ossec-list] OSSEC on Raspberry Pi 2

2016-02-09 Thread Jan Andrasko
Hello Shaharyar, compiling from source works just fine Jan On Sun, Feb 7, 2016 at 6:39 PM, Shaharyar Chaudhry wrote: > Hey, I was wondering how you got the ossec agent to work on rpi, is there > a guide to this? I am trying to get agent on my rpi2 model to work. Any >

Re: [ossec-list] Does a single machine scenario use an agent?

2014-10-13 Thread Jan Andrasko
Hello Derek, just install ossec in local mode, this should be best for you. Brgds Jan On Mon, Oct 13, 2014 at 3:06 PM, de...@scratters.com wrote: I'm exploring the use of OSSEC and I've got a question the docs I've read aren't yet answering. I think it's going to be quicker to just ask...

Re: [ossec-list] OSSEC rule for Shellshock CGI attacks?

2014-10-07 Thread Jan Andrasko
or Joomla) login attempt. **Phase 3: Completed filtering (rules). Rule id: '31108' Level: '0' Description: 'Ignored URLs (simple queries).' Jan On Mon, Oct 6, 2014 at 5:52 PM, Michael Starks ossec-l...@michaelstarks.com wrote: On 2014-10-04 5:30, Jan Andrasko wrote: Hello

Re: [ossec-list] OSSEC rule for Shellshock CGI attacks?

2014-10-04 Thread Jan Andrasko
:12, Jan Andrasko wrote: <rule id="120003" level="13"> <if_sid>31100</if_sid> <regex>()\.+{\.+:;};</regex> <description>Shellshock Attempt</description> <group>attack,</group> </rule> Thanks for sharing this. Any specific reason for the '\.+' after the '()'? I'm not sure you'll always see

Re: [ossec-list] OSSEC rule for Shellshock CGI attacks?

2014-10-03 Thread Jan Andrasko
Hello Rob, this works for us: <rule id="120003" level="13"> <if_sid>31100</if_sid> <regex>()\.+{\.+:;};</regex> <description>Shellshock Attempt</description> <group>attack,</group> </rule> Brgds Jan On Thu, Oct 2, 2014 at 3:08 PM, Robert Moerman rjmfphotogra...@gmail.com wrote: Hello, I've

Re: [ossec-list] rule test succeeds but fails to alert

2014-09-03 Thread Jan Andrasko
velvin, can you try to run ossec-logtest more verbose with command ossec-logtest -v and paste the results here? I had similar issues with ossec-logtest giving different results than ossec-analysisd in the past. Jan On Fri, Aug 29, 2014 at 8:44 PM, dan (ddp) ddp...@gmail.com wrote: On Fri,

Re: [ossec-list] Re: wget download forbidden

2014-09-03 Thread Jan Andrasko
://www.ossec.net/files/ossec-hids-2.8.tar.gz On Tuesday, July 29, 2014 6:30:38 AM UTC-7, Jan Andrasko wrote: Hi guys, today, when trying to download ossec from your website, I was constantly getting 403 error: wget http://www.ossec.net/files/ossec-hids-2.8.tar.gz --2014-07-29 15:16:21

[ossec-list] wget download forbidden

2014-07-29 Thread Jan Andrasko
Hi guys, today, when trying to download ossec from your website, I was constantly getting 403 error: wget http://www.ossec.net/files/ossec-hids-2.8.tar.gz --2014-07-29 15:16:21-- http://www.ossec.net/files/ossec-hids-2.8.tar.gz Resolving www.ossec.net (www.ossec.net)... 150.70.191.237

Re: [ossec-list] Setting email

2014-04-16 Thread Jan Andrasko
Hello Evan, rule 1002 matches every log which contains these words: <var name="BAD_WORDS">core_dumped|failure|error|attack|bad |illegal |denied|refused|unauthorized|fatal|failed|Segmentation Fault|Corrupted</var> and is by default configured to alert by email: <rule id="1002" level="2"