Hello Shaharyar,
compiling from source works just fine
Jan
On Sun, Feb 7, 2016 at 6:39 PM, Shaharyar Chaudhry
wrote:
> Hey, I was wondering how you got the ossec agent to work on rpi, is there
> a guide to this? I am trying to get agent on my rpi2 model to work. Any
>
Hello Derek,
just install ossec in local mode, this should be best for you.
Brgds
Jan
On Mon, Oct 13, 2014 at 3:06 PM, de...@scratters.com wrote:
I'm exploring the use of OSSEC and I've got a question the docs I've read
aren't yet answering. I think it's going to be quicker to just ask...
or Joomla) login attempt.
**Phase 3: Completed filtering (rules).
Rule id: '31108'
Level: '0'
Description: 'Ignored URLs (simple queries).'
Jan
On Mon, Oct 6, 2014 at 5:52 PM, Michael Starks ossec-l...@michaelstarks.com
wrote:
On 2014-10-04 5:30, Jan Andrasko wrote:
Hello
:12, Jan Andrasko wrote:
<rule id="120003" level="13">
<if_sid>31100</if_sid>
<regex>()\.+{\.+:;};</regex>
<description>Shellshock Attempt</description>
<group>attack,</group>
</rule>
Thanks for sharing this. Any specific reason for the '\.+' after the '()'?
I'm not sure you'll always see
Hello Rob,
this works for us:
<rule id="120003" level="13">
<if_sid>31100</if_sid>
<regex>()\.+{\.+:;};</regex>
<description>Shellshock Attempt</description>
<group>attack,</group>
</rule>
Brgds
Jan
On Thu, Oct 2, 2014 at 3:08 PM, Robert Moerman rjmfphotogra...@gmail.com
wrote:
Hello,
I've
velvin, can you try to run ossec-logtest more verbose with command
ossec-logtest -v and paste the results here? I had similar issues with
ossec-logtest giving different results than ossec-analysisd in the past.
Jan
On Fri, Aug 29, 2014 at 8:44 PM, dan (ddp) ddp...@gmail.com wrote:
On Fri,
://www.ossec.net/files/ossec-hids-2.8.tar.gz
On Tuesday, July 29, 2014 6:30:38 AM UTC-7, Jan Andrasko wrote:
Hi guys,
today, when trying to download ossec from your website, I was constantly
getting 403 error:
wget http://www.ossec.net/files/ossec-hids-2.8.tar.gz
--2014-07-29 15:16:21
Hi guys,
today, when trying to download ossec from your website, I was constantly
getting 403 error:
wget http://www.ossec.net/files/ossec-hids-2.8.tar.gz
--2014-07-29 15:16:21-- http://www.ossec.net/files/ossec-hids-2.8.tar.gz
Resolving www.ossec.net (www.ossec.net)... 150.70.191.237
Hello Evan,
rule 1002 matches every log which contains these words:
<var name="BAD_WORDS">core_dumped|failure|error|attack|bad |illegal |denied|refused|unauthorized|fatal|failed|Segmentation Fault|Corrupted</var>
and is by default configured to alert by email
<rule id="1002" level="2">