[ossec-list] Compile issue : undefined reference ?

2010-07-10 Thread Jason 'XenoPhage' Frisvold
ies are in there, I have verified the location of both the include files and libraries for mysql. At this point, I'm not sure where to head. Does anyone have any thoughts on what's happening here? Thanks, -- Jason 'XenoPhage' Frisvold xenoph

[ossec-list] Centralized Agent Configuration

2010-07-12 Thread Jason 'XenoPhage' Frisvold
nagement system is used to push out config changes.. -- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- "Any sufficiently advanced magic is indistinguishable from technology." - Niven's Inverse of Clarke

[ossec-list] Centralized Agent Management

2010-07-14 Thread Jason 'XenoPhage' Frisvold

Re: [ossec-list] Centralized Agent Management

2010-07-15 Thread Jason 'XenoPhage' Frisvold
> dir is sent to agents for you so you will not need to sync them > yourself. Just note changes take time. Do changes to these files (not agent.conf) also require a restart of the remote agent?

[ossec-list] Rules Repository?

2010-07-15 Thread Jason 'XenoPhage' Frisvold
ate a rules area and start hacking?

[ossec-list] Email Alerts

2010-07-15 Thread Jason 'XenoPhage' Frisvold
hanks,

Re: [ossec-list] Email Alerts

2010-07-19 Thread Jason 'XenoPhage' Frisvold
://ossec.net/ or mailing list > archives will bring up something. Aha .. grouping.. I'll look in that direction. Thanks! > -- > http://nk99.org/

Re: Re : Re: [ossec-list] Rule for syscheck

2010-07-19 Thread Jason 'XenoPhage' Frisvold
n tag would prevent syscheck from checking them to begin with. Am I missing something obvious?

Re: Re : Re: [ossec-list] Rule for syscheck

2010-07-20 Thread Jason 'XenoPhage' Frisvold
'd agree with using rules for this. I'm also curious what in /etc/logrotate is changing that you need to ignore that directory .. Those files should be pretty static, no? Just use ignore rules for these .. /\/.svn/ ^/etc/logrotate ^/etc/tinydns-dns\d+/log (This is a weird directory
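The ignore patterns suggested in the reply above, applied to a constructed list of syscheck change paths. This is an added example, not code from the list post or from OSSEC itself: Python's re module stands in for OSSEC's own regex dialect, the sample paths are made up, and the post's first pattern (/\/.svn/) is assumed to mean "any .svn/ path component" and is written here as /\.svn/. The point it shows is that an ignore anchored only at the start (^/etc/logrotate) silences more than the directory named.

```python
import re

# Added example, not from the list post or from OSSEC: the three ignore
# patterns from the reply, in Python re syntax as an approximation of
# OSSEC's regex dialect. Assumption: "/\/.svn/" in the post means any
# ".svn/" path component, written here as "/\.svn/".
SYSCHECK_IGNORE = [
    r"/\.svn/",                   # any Subversion metadata directory
    r"^/etc/logrotate",           # anchored at the start only (see caveat below)
    r"^/etc/tinydns-dns\d+/log",  # numbered tinydns instances only
]


def compile_ignores(patterns):
    """Compile the ignore list once; a bad pattern fails loudly here, not per path."""
    return [re.compile(p) for p in patterns]


def is_ignored(path, compiled):
    """True if any ignore pattern matches anywhere in the path (unanchored search)."""
    return any(rx.search(path) for rx in compiled)


def filter_syscheck_paths(paths, patterns=SYSCHECK_IGNORE):
    """Split candidate syscheck changes into (kept, ignored) lists, order preserved."""
    compiled = compile_ignores(patterns)
    kept, ignored = [], []
    for path in paths:
        (ignored if is_ignored(path, compiled) else kept).append(path)
    return kept, ignored


# Constructed sample of changed paths, as syscheck might report them.
SAMPLE_PATHS = [
    "/var/www/site/.svn/entries",
    "/etc/logrotate.conf",
    "/etc/logrotate.d/apache2",
    "/etc/tinydns-dns3/log/current",
    "/etc/tinydns-dns/log/current",
    "/home/alice/.svnrc",
    "/etc/passwd",
]

if __name__ == "__main__":
    kept_paths, ignored_paths = filter_syscheck_paths(SAMPLE_PATHS)
    for p in ignored_paths:
        print("ignored:", p)
    for p in kept_paths:
        print("kept:   ", p)
```

Two things worth checking before copying an ignore list into production: ^/etc/logrotate also drops /etc/logrotate.conf and everything under /etc/logrotate.d/, so end the pattern with a slash if only the directory is meant; and \d+ requires at least one digit, so an instance named plain tinydns-dns keeps alerting.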

Re: [ossec-list] Email Alerts

2010-07-20 Thread Jason 'XenoPhage' Frisvold
e explained within...

Re: [ossec-list] ossec-dbd(5203): ERROR: 'MySQL server has gone away'

2010-07-20 Thread Jason 'XenoPhage' Frisvold
s not a connection limit issue, it may be something else, but likely MySQL related. Check the .err file in your MySQL directory for more hints at what the problem may be... > Thanks and regards, > Kai-Uwe

Re: [ossec-list] ossec.conf on server and on clients

2010-07-20 Thread Jason 'XenoPhage' Frisvold
periment a bit. I have the book on order right now and I'm eagerly awaiting my copy... My hope is that it is significantly more detailed than the site..

Re: [ossec-list] ossec.conf on server and on clients

2010-07-20 Thread Jason 'XenoPhage' Frisvold
ing through it.. It does look mildly useful, at least from a "here's how stuff is supposed to work" aspect... We'll see.. What other documentation source do you suggest?

Re: [ossec-list] Ossec configuration

2010-07-20 Thread Jason 'XenoPhage' Frisvold
ou mean by audit? Are you talking about integrity monitoring? Just add another directive to your ossec.conf file indicating what directory to monitor. /path/to/other/files/directory > Best regards, > Houcem HACHICHA

Re: [ossec-list] Ossec configuration

2010-07-22 Thread Jason 'XenoPhage' Frisvold
want ossec to audit is not the one > under /etc. Aha .. I have not explored that aspect of OSSEC yet.. So much to learn! :)

[ossec-list] Remote Agents

2010-07-22 Thread Jason 'XenoPhage' Frisvold
with the server and re-start using the agent.conf I've configured from the server? Will it use the local merged.mg file automatically? Thanks,

Re: [ossec-list] ossec usage

2010-07-24 Thread Jason 'XenoPhage' Frisvold
-response to insert firewall rules automatically.

Re: [ossec-list] Ossec directory monitoring

2010-07-24 Thread Jason 'XenoPhage' Frisvold
> DirA > DirB DirC DirD > 100 Logs 200 Logs N logs You can use globs, so something like this would work : syslog /DirA/*/*.log > Regards, Fotis

Re: [ossec-list] Detecting changes to running processes & ports

2010-08-18 Thread Jason 'XenoPhage' Frisvold
> Found a couple related threads, but none with a resolution. Anyone else > seeing this? > > Thanks, > d.

Re: [ossec-list] custom decoder

2010-08-18 Thread Jason 'XenoPhage' Frisvold
that's really useful, thanks..

Re: [ossec-list] Way to log all commands run after sudoing/suing [to "root"]

2010-08-18 Thread Jason 'XenoPhage' Frisvold
of ossec.. Sudo itself doesn't log that information (at least, not by default), and it doesn't appear in the audit.log either..

Re: [ossec-list] Monitoring an SNMP only device

2010-08-20 Thread Jason 'XenoPhage' Frisvold
n in a log. Point OSSEC at the logs and have at it. If you need more detailed information, take a look at snmptt. I use both of those packages to pass information to Nagios for active alerting.

Re: [ossec-list] Detecting changes to running processes & ports

2010-08-26 Thread Jason 'XenoPhage' Frisvold
> >> Thanks!! >> d. >> >> -Original Message- >> From: ossec-list@googlegroups.com [mailto:ossec-l...@googlegroups.com] On >> Behalf Of Jason 'XenoPhage' Frisvold >> Sent: Wednesday, August 18, 2010 4:25 PM >> To: ossec-list@google

Re: [ossec-list] ossec check_diff and netstat

2010-09-04 Thread Jason 'XenoPhage' Frisvold
ry and limit what netstat picks up and reports. Here is > my setup. This sounds interesting.. Can you post a link to the blog entry so I can have a go at this as well? Thanks,

Re: [ossec-list] ossec check_diff and netstat

2010-09-04 Thread Jason 'XenoPhage' Frisvold
't sure what blog was being referred in the original post.. Found the post, though.. http://www.ossec.net/dcid/?p=198 Now to get it running.. :)

Re: [ossec-list] Syscheck/FIM on log files

2010-09-06 Thread Jason 'XenoPhage' Frisvold
why you copy the logs to a hardened system that doesn't do > anything else... What happens when the logs rotate?

[ossec-list] OSSEC Website Error

2010-09-28 Thread Jason 'XenoPhage' Frisvold
Not sure who's in charge of the site, but the downloads page shows v2.4 with a v2.5 package for download.. :)

[ossec-list] v2.5 logcollector problem?

2010-09-28 Thread Jason 'XenoPhage' Frisvold
debugging, but this doesn't seem to produce any additional usable information. So is this considered a bug, or is this expected behavior? Thanks,

Re: [ossec-list] v2.5 logcollector problem?

2010-09-28 Thread Jason 'XenoPhage' Frisvold
s > along the way. It was apparently a bug. Lord Cid fixed it up in today's snapshot. Presumably there will be a v2.5.1 sometime soon as I'm apparently not the only one who got bit..

Re: [ossec-list] Binding to Designated Network Interface; "Issue" with syscheck; Nagios question

2010-09-30 Thread Jason 'XenoPhage' Frisvold
> Thanks, > Chris

Re: [ossec-list] Binding to Designated Network Interface; "Issue" with syscheck; Nagios question

2010-09-30 Thread Jason 'XenoPhage' Frisvold
ert and 2 additional alerts related to PAM/login. > Is there an easy way to suppress these alerts if they happen all within a > second of one another? Not really ossec-related, per se, but why not use SNMP for this? Works really well.. :) > Thanks, > Chris

Re: [ossec-list] question

2010-10-04 Thread Jason 'XenoPhage' Frisvold
u can see changes over time. OSSEC still plays a role here in that you can use it to monitor the syslog traffic from the ASA and alert on problems, take action when it detects attacks, etc. [1] http://www.shrubbery.net/rancid

Re: [ossec-list] Re: report_changes Option Crashes remoted

2010-10-07 Thread Jason 'XenoPhage' Frisvold
z Will this eventually end up as a 2.5.1 release? > Should have fixed it. > > thanks,

Re: [ossec-list] Re: v2.5 logcollector problem?

2010-10-10 Thread Jason 'XenoPhage' Frisvold
nded up being a bug. Logcollector was segfaulting. Daniel Cid resolved the problem. The fix will be in 2.5.1 when that's released, which apparently will be "real soon now" ... :)

Re: [ossec-list] Re: v2.5 logcollector problem?

2010-10-10 Thread Jason 'XenoPhage' Frisvold
e somewhere?

Re: [ossec-list] Re: v2.5 logcollector problem?

2010-10-10 Thread Jason 'XenoPhage' Frisvold
a new SRPM then.. :)

[ossec-list] agent_config os attribute

2010-10-10 Thread Jason 'XenoPhage' Frisvold
.x vs 2.4.x or similar)? Thanks!

[ossec-list] All I want for Christmas ...

2010-10-10 Thread Jason 'XenoPhage' Frisvold
see what else comes of it..

[ossec-list] Reports ?

2010-10-12 Thread Jason 'XenoPhage' Frisvold
en exactly should this report run? I have yet to receive an email ... This has been in place for about 2 days now.. Is this misconfigured? Am I missing something? Thanks,

Re: [ossec-list] Reports ?

2010-10-12 Thread Jason 'XenoPhage' Frisvold
ght, I made a bunch of changes to see this thing fire.. :)

Re: [ossec-list] OSSEC 2.5 Question

2010-10-13 Thread Jason 'XenoPhage' Frisvold
On Oct 13, 2010, at 9:57 AM, ddp...@gmail.com wrote: > Not that I'm aware of. Last time I checked the source and Windows packages > were there, just hadn't been signed yet. Signed and out now.. :)

Re: [ossec-list] Active Response on Public Web Server

2010-10-13 Thread Jason 'XenoPhage' Frisvold
hat someone is attacking you in this manner, then the only real solution is to track that traffic down to the source and have it blocked there. DDoS is a bit of a pain to handle.

Re: [ossec-list] 2WoO One Week Away

2010-10-14 Thread Jason 'XenoPhage' Frisvold
They'll start at 12:01am on 10/17. > Apologies if you've already mentioned this before. > > Regards, > Chris

[ossec-list] ossec-logtest bug?

2010-10-15 Thread Jason 'XenoPhage' Frisvold
led \S+ for invalid user|^Failed \S+ for illegal user from (\S+) port \d+ \w+$ srcip So shouldn't the decoder line identify this as such?
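The decoder fragment quoted in the post above (a prematch with two alternatives, a regex applied after the prematch, and srcip as the captured field), emulated in Python so it can be run against sample sshd lines. This is an added example, not part of the original post and not OSSEC's own code: Python's re module approximates OSSEC's regex dialect, the syslog header layout and the parent-decoder check on the program name are assumptions, and the log lines are constructed. It goes one step beyond the post with a crafted-username line, to show that the trailing $ is what stops attacker-controlled text from supplying the srcip.

```python
import re

# Added example, not from the list post or from OSSEC's code: a Python
# emulation of the sshd "invalid user" decoder fragment quoted above.

# Parent-decoder stand-in: pull program name and message out of a syslog line.
# Assumption: classic "Mon DD HH:MM:SS host prog[pid]: message" layout.
SYSLOG_HEADER = re.compile(
    r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d (?P<host>\S+) "
    r"(?P<program>[^\s\[:]+)(?:\[\d+\])?: (?P<message>.*)$"
)

# prematch: the two alternatives from the post, anchored at message start.
PREMATCH = re.compile(r"^Failed \S+ for invalid user|^Failed \S+ for illegal user")

# regex applied after the prematch; the trailing $ is what keeps a crafted
# username from supplying a bogus srcip (see the fourth sample line).
AFTER_PREMATCH = re.compile(r"from (\S+) port \d+ \w+$")


def decode_sshd_invalid_user(line):
    """Return {'program', 'srcip'} if this decoder applies to the line, else None."""
    hdr = SYSLOG_HEADER.match(line)
    if not hdr or hdr.group("program") != "sshd":
        return None                 # parent decoder (sshd) did not match
    msg = hdr.group("message")
    pre = PREMATCH.match(msg)
    if not pre:
        return None                 # prematch failed: another sshd decoder's job
    tail = msg[pre.end():]          # offset="after_prematch"
    m = AFTER_PREMATCH.search(tail)
    if not m:
        return None
    return {"program": "sshd", "srcip": m.group(1)}


# Constructed sample lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOGS = [
    "Oct 15 10:22:01 bastion sshd[4821]: Failed password for invalid user admin from 203.0.113.5 port 40212 ssh2",
    "Oct 15 10:22:03 bastion sshd[4823]: Failed password for illegal user oracle from 198.51.100.7 port 51022 ssh2",
    "Oct 15 10:22:05 bastion sshd[4825]: Failed password for root from 192.0.2.9 port 2200 ssh2",
    # username crafted to look like a complete "from ... port ... ssh2" clause
    "Oct 15 10:22:07 bastion sshd[4827]: Failed password for invalid user evil from 10.0.0.1 port 22 ssh2 from 203.0.113.77 port 40300 ssh2",
    # same text but from a different program: the parent decoder rejects it
    "Oct 15 10:22:09 bastion su[4830]: Failed password for invalid user admin from 10.0.0.5 port 1 ssh2",
]

if __name__ == "__main__":
    for sample in SAMPLE_LOGS:
        print(decode_sshd_invalid_user(sample), "<-", sample[:60])
```

Only the two "invalid user" / "illegal user" forms pass the prematch; a plain "Failed password for root" line returns None here because it belongs to a different decoder in the chain, which is the kind of distinction ossec-logtest reports when it names the decoder that matched.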

Re: [ossec-list] Re: Duplicate active response

2010-10-15 Thread Jason 'XenoPhage' Frisvold
est.

Re: [ossec-list] 2WoO Kickoff: the week ahead

2010-10-17 Thread Jason 'XenoPhage' Frisvold
r all, I'm still learning too! > -- > Michael Starks > [I] Immutable Security > http://www.immutablesecurity.com [1] http://blog.godshell.com

Re: [ossec-list] Re: sending email notification to Secure SMTP server

2010-10-17 Thread Jason 'XenoPhage' Frisvold
ens on 465, or are you sending alerts to the local mailserver and that mailserver isn't passing them on ?

Re: [ossec-list] 2WoO Day 2: Abusing OSSEC

2010-10-18 Thread Jason 'XenoPhage' Frisvold
tml

Re: [ossec-list] 2WoO Day 2: Tell your story. How has OSSEC helped you?

2010-10-18 Thread Jason 'XenoPhage' Frisvold
n a script. As I learn more about OSSEC, I'm sure I'll unlock even more capability that I'm not even aware of yet. This is becoming one of the more powerful tools in my security belt and I'm excited to see what comes next.

Re: [ossec-list] 2WoO Day 3: Abusing OSSEC–the Countermeasures

2010-10-19 Thread Jason 'XenoPhage' Frisvold
Day-3-Meet-the-agent.html Feel free to leave comments, I crave feedback! :)

Re: [ossec-list] Day 4: What bugs you: problems, challenges and room for improvement.

2010-10-20 Thread Jason 'XenoPhage' Frisvold
n, I'm pretty sure they'll try to avoid that.

Re: [ossec-list] 2WoO Day 5: Taming File Integrity Alerts

2010-10-21 Thread Jason 'XenoPhage' Frisvold
shell.com/blog/archives/276-WoO-Day-5-Decoders-Unite!.html

Re: [ossec-list] Day 4: What bugs you: problems, challenges and room for improvement.

2010-10-21 Thread Jason 'XenoPhage' Frisvold
ere is a free version of splunk that works with plugins..

Re: [ossec-list] Day 4: What bugs you: problems, challenges and room for improvement.

2010-10-21 Thread Jason 'XenoPhage' Frisvold
ten on updates. Wouldn't that prevent installation of new versions of the rules?

Re: [ossec-list] I may have missed this resent subject

2010-10-21 Thread Jason 'XenoPhage' Frisvold
Any information on this would be great. I believe this just means it's loading the local decoder file.. What version were you running previously? > Thank You Christian

Re: [ossec-list] Day 4: What bugs you: problems, challenges and room for improvement.

2010-10-21 Thread Jason 'XenoPhage' Frisvold
On Oct 21, 2010, at 9:41 AM, dan (ddp) wrote: > Depends on your definition of "free." ;) Touché ... :)

[ossec-list] Handling directory traversal false positives

2010-10-21 Thread Jason 'XenoPhage' Frisvold
ck. I can think of a few ways to alter it so it detects two or more directories being traversed, but I can think of a few ways to defeat that too.. So, how do I handle this? Thanks,

Re: [ossec-list] 2WoO Day 6: Running Multiple Instances on One Box

2010-10-22 Thread Jason 'XenoPhage' Frisvold
Down-The-Law.html

Re: [ossec-list] Email alerting options

2010-10-23 Thread Jason 'XenoPhage' Frisvold
ail. This is why your level 6 alert did not get emailed. It should have ended up in the log, however. > TIA!

Re: [ossec-list] 2WoO Day 7: Supporting New Applications the Right Way

2010-10-23 Thread Jason 'XenoPhage' Frisvold
log/archives/278-WoO-Day-7-Tidbits.html

Re: [ossec-list] Day 7: Making it happen: who, what, when and how?

2010-10-23 Thread Jason 'XenoPhage' Frisvold
t. I've also got a few ideas for the code, so > learning C is on my list of things to do in my spare time. What is this "spare time" you speak of..

Re: [ossec-list] Re: Queue '/var/ossec/queue/ossec/queue' not accessible: 'Connection refused' - on agent

2010-10-25 Thread Jason 'XenoPhage' Frisvold
bones RPM packages here : http://www.godshell.com/software > Thanks for your help

Re: [ossec-list] Handling directory traversal false positives

2010-10-25 Thread Jason 'XenoPhage' Frisvold
On Oct 21, 2010, at 8:15 PM, Jason 'XenoPhage' Frisvold wrote: > I find myself struggling with how to handle directory traversal false > positives. The following happily triggers rule 31104 and active response > blocks the I

Re: [ossec-list] Handling directory traversal false positives

2010-10-26 Thread Jason 'XenoPhage' Frisvold
one said security was easy, right?

Re: [ossec-list] Re: Bug report for OSSEC 2.5.1 ("ftpd-mac-failure" decoder in decoder.xml)

2010-10-31 Thread Jason 'XenoPhage' Frisvold
ell as those that may have square brackets.

Re: [ossec-list] Daily Report have blank body, data is part of subject line

2010-11-19 Thread Jason 'XenoPhage' Frisvold
ime in? > > I've tried it with OpenBSD's smtpd, and probably sendmail. So those > will be the start of a "does work" list. Anyone want to contribute to > this list? qmail works fine as well.

Re: [ossec-list] First time this user logged in this system Question

2010-11-20 Thread Jason 'XenoPhage' Frisvold
success alert_by_email authentication_success User logged in. > Thanks, > > -M

Re: [ossec-list] Active response against external harware.

2010-12-01 Thread Jason 'XenoPhage' Frisvold
rd that might be used elsewhere.. Or give a clue as to how you construct your passwords.

[ossec-list] Strange Alert

2010-12-07 Thread Jason 'XenoPhage' Frisvold
ation. 2010 Dec 07 09:22:47 Received From: (myServer) 192.168.0.1->ossec-keepalive Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s): --MARK--: *I&ccQ? --END OF NOTIFICATION

Re: [ossec-list] Strange Alert

2010-12-08 Thread Jason 'XenoPhage' Frisvold
his.. I should read before posting. :)

[ossec-list] Happy Holidays!

2010-12-25 Thread Jason 'XenoPhage' Frisvold
OSSEC knowledge!

Re: [ossec-list] Consolidate active-response.logs

2010-12-30 Thread Jason 'XenoPhage' Frisvold
On Dec 30, 2010, at 4:55 PM, Saket wrote: > Hi, > > Is there a way to consolidate all the active-response.log file from > all the agents? > > It is difficult to access each agents active-response.log, I am > presuming there is a way to consolidate all the active-response.log in > the server. >

Re: [ossec-list] Consolidate active-response.logs

2010-12-31 Thread Jason 'XenoPhage' Frisvold
e logic! ... Thanks. :) I should have thought of that... :P

Re: [ossec-list] Different active response durations for each level

2011-01-06 Thread Jason 'XenoPhage' Frisvold
f. Yes, the higher level has to come first. I'm using this in production already. :)

Re: [ossec-list] Error in destination mail with agent created with IP address = any

2011-01-06 Thread Jason 'XenoPhage' Frisvold
ve the "fix" was to disable email grouping, but that just results in more email. :)

Re: [ossec-list] OSSEC in the Enterprise

2011-01-21 Thread Jason 'XenoPhage' Frisvold
ong in my deployment.

Re: [ossec-list] ossec agent and logs

2011-01-21 Thread Jason 'XenoPhage' Frisvold
the ability to create users, but it works really well.

Re: [ossec-list] Re: ossec agent and logs

2011-01-21 Thread Jason 'XenoPhage' Frisvold
ill really be a light installation. Right now the light forwarder is a full splunk install with just a few items turned on. This new forwarder, I believe they're calling it the ultra light forwarder, will be stripped down to the bare minimum.

Re: [ossec-list] Re: high availability solution

2011-01-21 Thread Jason 'XenoPhage' Frisvold

Re: [ossec-list] File and folder monitoring

2011-02-23 Thread Jason 'XenoPhage' Frisvold
7200 no yes /etc > Chad Hammond

Re: [ossec-list] active response in central management?

2011-02-25 Thread Jason 'XenoPhage' Frisvold
On Feb 24, 2011, at 2:33 PM, "dan (ddp)" wrote: >> >> yes >> >> > > This disabled AR on that agent. This is in the agent.conf, right? I had been disabling specific agents by creating an active response at the top of my ossec.conf with that agent_id identified. This looks MUCH easier and

[ossec-list] syscheck alert information

2011-02-28 Thread Jason 'XenoPhage' Frisvold
, ctime, and permissions. Does any of this functionality exist currently? (A quick search doesn't turn anything up) Or perhaps is it something that can be added for 2.6 or 2.7 ? Thanks,

Re: [ossec-list] syscheck alert information

2011-02-28 Thread Jason 'XenoPhage' Frisvold
's a wishlist somewhere.. :) As long as it's on there and the right people have the wishlist, I'll be satisfied. > dan

Re: [ossec-list] Local_rules.xml ... public repository ?

2011-03-09 Thread Jason 'XenoPhage' Frisvold
still find a centralized rules repository to be useful, though, and I think OSSEC should have an official one, whether that's run by OSSEC or by a community member.

Re: [ossec-list] ossec centralized configuration

2011-03-14 Thread Jason 'XenoPhage' Frisvold
ried to make everything as concise as I could to make it more readable. I'll see if I can take a look at the OSSEC manual itself and try to make it more readable.

Re: [ossec-list] ossec centralized configuration

2011-03-14 Thread Jason 'XenoPhage' Frisvold
the client, waiting a few moments, and then restarting the client. Typically the agent.conf is sent from the server to the client within the first few seconds so a restart causes the client to properly see the agent.conf file and act accordingly.

Re: [ossec-list] ossec centralized configuration

2011-03-14 Thread Jason 'XenoPhage' Frisvold
hink about it. > -Satish

Re: [ossec-list] How to check active response has been activated or not ??

2011-03-14 Thread Jason 'XenoPhage' Frisvold
atch the active-response.log file and fire >> off an email/alert when a new entry is added. It's simple to do, and >> helps solve the notification problem. >> >> On Wed, Mar 2, 2011 at 2:18 PM, Tanishk Lakhaani >> wrote: >>

Re: [ossec-list] 404 Not Found

2011-03-14 Thread Jason 'XenoPhage' Frisvold
em to be well supported or updated at this point. Splunk with the free OSSEC splunk plugin works wonderfully. I wonder if it's worth removing the wui altogether from the OSSEC site or at least marking it as unsupported.

Re: [ossec-list] Maybe a false positive with rule 510

2011-03-14 Thread Jason 'XenoPhage' Frisvold
've seen it a few times and every time it happens it's the same explanation.

Re: [ossec-list] Re: Deletion of log data

2011-03-14 Thread Jason 'XenoPhage' Frisvold
g message decoded as ossec. syscheck rules specifically reference syscheck in the rules themselves.

Re: [ossec-list] 404 Not Found

2011-03-15 Thread Jason 'XenoPhage' Frisvold
with it for a bit and it looks pretty nice. The ossec plugin was already updated for it.

Re: [ossec-list] OSSEC server won't bind to 1514/UDP...

2011-03-18 Thread Jason 'XenoPhage' Frisvold
nd install it using manage_agent?

Re: [ossec-list] ossec-logtest error

2011-03-21 Thread Jason 'XenoPhage' Frisvold
ifferent here that would cause this. Have you tried a different server and/or reinstalling? > Regards, > Branimir

Re: [ossec-list] OSSEC server won't bind to 1514/UDP...

2011-03-21 Thread Jason 'XenoPhage' Frisvold
On 03/18/2011 11:43 PM, Eric Hansen wrote: > That I did. Are you running selinux, perchance? > When your work speaks for itself, don't interrupt. > – Henry J. Kaiser

Re: [ossec-list] OSSEC server won't bind to 1514/UDP...

2011-03-22 Thread Jason 'XenoPhage' Frisvold
directory (wherever it is) ? It appears that remoted isn't running, perhaps because of directory permissions problems. On my install, the shared directory is owned by ossec.ossec and has permissions of 770 .

Re: [ossec-list] OSSEC server won't bind to 1514/UDP...

2011-03-23 Thread Jason 'XenoPhage' Frisvold
not sure why Arch wouldn't like OSSEC.. I know arch has some peculiar (at least to me) ways of doing things, but I thought that was just my own unfamiliarity with the system. You used install.sh to set up the server, yes?

Re: [ossec-list] OSSEC server won't bind to 1514/UDP...

2011-03-24 Thread Jason 'XenoPhage' Frisvold
pt. > – Henry J. Kaiser > > > On Wed, Mar 23, 2011 at 9:25 AM, Jason 'XenoPhage' Frisvold > mailto:xenoph...@godshell.com>> wrote: > > On 03/22/2011 11:10 PM, Eric Hansen wrote: >> Lol, the only thing I'm beginning to wonder is that Arch Linux,

Re: [ossec-list] Installation and use without root access?

2011-04-16 Thread Jason 'XenoPhage' Frisvold
details? Wouldn't running as an unprivileged user significantly reduce the functionality?

Re: [ossec-list] OSSEC 2.6 beta-1 available

2011-06-07 Thread Jason 'XenoPhage' Frisvold
r... Started ossec-remoted... Started ossec-syscheckd... Started ossec-monitord... Completed. What's the 127 mean? Leftover debug? > Thanks,
