https://github.com/ossec/ossec-hids/pull/422
This has not been pulled into ossec. But I think he keeps it up to date over
at https://bitbucket.org/aquerubin/ossec-hids/wiki/Home
This has not been pulled into ossec but should be I think.
> On Mar 12, 2015, at 11:41 AM, Sebastian Pesman
> wr
Doc are incorrect default patterns:
} else {
OSRegex_Compile(".xml$", &regex, 0);
}
https://github.com/ossec/ossec-hids/blob/master/src/config/rules-config.c
> On Mar 12, 2015, at 4:46 PM, autodidactic wrote:
>
> I'm using the to enable other decoders to be
> On Feb 1, 2015, at 1:18 PM, mfbiux wrote:
>
> Hi everyone, I have the following problem:
>
> I have 1 server and 6 agents, 3 centos and 3 Windows 2008. Active response is
> correctly operating for all agents and the repeated_offenders option is also
> configured in each agent.
>
> The prob
Inotify is Linux only. The features are available on FreeBSD in kqueue but
realtime has never been written for kqueue. At this time realtime only works
on windows and Linux.
> On Jan 20, 2015, at 3:15 PM, dan (ddp) wrote:
>
>> On Tue, Jan 20, 2015 at 3:12 PM, finid wrote:
>> That mean
And some more detail to add to what ddpbsd is looking for. What OS are you on
and version please also let us know the versions of tr and cat. My guess is
hpux but I could be really wrong.
> On Jan 21, 2015, at 12:32 PM, dan (ddp) wrote:
>
>> On Wed, Jan 21, 2015 at 11:11 AM, Gil Vidals
No globs/regex/osmatch do not work with cdb and never will. This is how the
database works. You can only ask it simple questions like the following:
Does cdb file x.cdb have key: Jeremy
Does cdb file x.cdb not have key: Rossi
This is due to how cdb hash the keys and in a constant time look u
Can we try to get an strace with threads: strace -f
> On Nov 12, 2014, at 12:52 PM, dan (ddp) wrote:
>
>> On Wed, Nov 12, 2014 at 11:49 AM, dan (ddp) wrote:
>>> On Mon, Nov 10, 2014 at 4:02 AM, Chris H wrote:
>>> The only calls in the strace to alerts.log are these:
>>>
>>> sendto(4, "1:oss
Gcc and gnu make should be thought of as requirements. Future versions will
not build without gnu make ;)
> On Oct 24, 2014, at 8:46 AM, theresa mic-snare wrote:
>
> are there any special dependencies for compiling ossec on AIX?
> special AIX compiler needed or is it just the gcc?
>
> A
> On Oct 21, 2014, at 8:11 AM, dan (ddp) wrote:
>
>> On Tue, Oct 21, 2014 at 8:09 AM, wrote:
>> The ossec-init.conf file in the CentOS RPMs I picked up has the TYPE set to
>> 'server'. I don't need that - I only need a local installation, so I removed
>> those RPMs and installed from the ta
The fix needs to happen in c code. Currently the full paths are compiled into
ossec binaries. So build compile you set the location path for the binary
forever.
This is something we are working on but please don't expect something right
away as I stopped working on this to deal with othe is
Nope nothing I have tried nor heard of. I would guess the ssh-agent is the
way to go. If you get it working and think it's a problem more people possible
need. Let us know and submit a github.com/ossec/ossec-docs pull request to add
it for everyone.
> On Oct 21, 2014, at 11:19 PM, Scot
Looks like Lua is correctly using gcc but our makefile is not. Could do the
following:
export CC=/path/to/gcc
cd src
make all
If you don't get any errors try the install again with the export CC. If you
do get a lot of errors reply here with the full log again.
> On Oct 3, 2014, at
> On Sep 29, 2014, at 9:23 AM, dan (ddp) wrote:
>
>> On Fri, Sep 26, 2014 at 8:44 AM, cgzones wrote:
>> And OSSEC uses bash to invoke diff for the syscheck option report_changes
>> (in syscheck as root). I did not investigate right now how severe this is.
>
> Does it use bash or /bin/sh?
I have not fully confirmed this completely yet, but as OSSEC does not
allow external data into environmental variable so given is not an
issue.
* Chard [2014-09-26 06:08:20 -0700]:
The security hole means that an attacker could potentially take control of
the server. From what I have read it
I have started an github issue to log feedback:
https://github.com/ossec/ossec-hids/issues/320
I would also like to make sure that I get feedback from the community
at large. So please fire away and let us know the good, the bad, the
ugly:
## Build systems of shell is hard and brittle lets
No but I was wondering if you could send the rules groups you
have added. We do have some limitations around how deep the
child parent tree we can go, but I will have to check into that
more.
Side note i have added over 200 rules to my system without
issue, so something is going on with the ord
So many levels of weird. Can you try adding a completely different rule and
see if you are getting an error. Just checking if we have error with the
number of rules. (Random guess).
> On Sep 18, 2014, at 8:12 PM, "Dave Martin" wrote:
>
> I recently installed OSSEC 2.8 and have been addin
I should note I know not a single thing about windows :) let alone cmdlets,
powershell, and what is this mmc magic you all speak of.
> On Sep 17, 2014, at 9:55 PM, "Jeremy Rossi" wrote:
>
> You will never have to sell me on less code :)
>
> Code wins :) pull reques
You will never have to sell me on less code :)
Code wins :) pull requests matter :) I might even take a look see at the code.
Hey powershell is popular now. And can do GUIs and is much easier than c. So
what about ossec cmdlets?
> On Sep 17, 2014, at 9:21 PM, "SoulAuctioneer"
> wrote:
>
I did the release 2.8.1 and did not change the version numbers in code. This
is on me to do and I have not completed it. Thank you for noticing I will make
sure as I finish up making a release process my that I include this.
> On Sep 17, 2014, at 11:20 AM, "Lechaim Wilson" wrote:
>
>
> OSSEC
Suggestion. Break out the logic to cli only and then have the GUI call that.
This allows the dropping of the gui or not or moving it into the installer or a
lot of other options.
> On Sep 17, 2014, at 10:26 AM, "SoulAuctioneer"
> wrote:
>
> I want to do a lot of work on the Windows agent
Me ;)
> On Aug 29, 2014, at 4:32 PM, "theresa mic-snare"
> wrote:
>
> hi there,
>
> so who's attending this year's OSSEC CON in Cork? :)
>
> kind regards,
> theresa
>
> Am Donnerstag, 24. Oktober 2013 22:46:46 UTC+2 schrieb rocka...@gmail.com:
>>
>> hi there,
>>
>> i know recently there w
This is something we should look to fix. Tim could you create an issue on
github.com/ossec/ossec-hids/issues
Also Tim we have a better way to do this:
http://ossec-docs.readthedocs.org/en/latest/manual/rules-decoders/rule-lists.html
This will handle lots and lots and lots of address in a sin
ch requests.
This might not be the correct way but could help.
Also a little active-response and cdb make this problem go away ;)
-Jeremy Rossi
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and
or loading the rules:
'local_rules.xml'.
This might be fallout from the regex changes.
It is. Key bit is "Unknown veriable". We fixed this in master, but I
will check. I will also add this to our testing to make sure things
like this do not happen.
-Jeremy Rossi
--
--
The following rules worked before, but now I get an error:
18139
no_log
User name:\s+\.*\$\s+
Windows login failure for workstation - user name ends in $
(ignored)
[root@ossec etc]# /opt/ossec/bin/ossec-logtest
2014/07/01 08:53:27 ossec-testrule: INFO: Reading local decoder file.
2014/07/01
097c2f
We have been trying to get the Anti-Virus companies to review
this version for sometime. We are making headway as 4/52 is much better
than the 11/52 it was a week ago.
-Jeremy Rossi
* amtel.dings [2014-06-23 05:47:58 -0700]:
Hi ,
I haven't found any instructions about AV-Issues in the archives
(http://marc.info/?l=ossec-list).
F-Secure is complaining ossec-agent-win32-2.8.exe
(http://www.f-secure.com/v-descs/suspicious_w32_malware_variant_online.shtml)
is malware. I've u
g all right now. So don't let his chat
stop you from implementing your own features with log all ;)
-Jeremy Rossi
* Artien Bel [2014-06-18 15:33:09 +0200]:
I'm sure there's no technical inability to do this with OSSEC, but I
feel the effort to create this could be put to better use working on
features/bugfixes that have to do with its primary task; which is being
a HIDS. But if someone submits a pull requ
ay as far away from that as possible ;) other can look in to it,
but not me ;)
-Jeremy Rossi
I don't know
this is what I do in my environment. Rsyslog and socklog with Splunk and ossec
for security.
>
> In short, let's not use a screwdriver as a hammer, even if we technically
> could.
:)
>
> Regards,
>
> Artien
>
>> On 06/18/2014 01:58
>
> * James M. Pulver [2014-06-18 12:03:15 +]:
>
>> Maybe I'm crazy, but I think OSSEC is like a log daemon +???
>> It's cross platform, it includes encryption, it has built in filtering and
>> can do active response. Why would it make sense to duplicate log shipping if
>> you need it
* James M. Pulver [2014-06-18 12:03:15 +]:
Maybe I'm crazy, but I think OSSEC is like a log daemon +???
It's cross platform, it includes encryption, it has built in filtering and
can do active response. Why would it make sense to duplicate log shipping if
you need it to do the securit
Log all feature comes up all the time and is confusing I think and maybe
something we should solve better. But I am worried about turning ossec from
security to a log daemon as other tools have solved that problem.
Currently logall just saves the raw messages without any metadata like file
p
We would Very much welcome it. Some suggestions, but nothing more for the
branch :).
Agent -> master:
json and use first char of { to pick new code path for processing the messages.
This will allow master to work with legacy agents and new agents cleanly.
Master->agent:
This is harder bu
of asked when have files changed) to tell ossec when to do work.
Anybody any suggestions on how to handle this?
Hard problem for ossec and any file integrity monitoring tool.
-Jeremy Rossi
Could an issue be raised in github.com/ossec/ossec-hids/issues ? I don't know
how this code could have been affected during the 2.8 release as next to zero
code was changed in this area.
Thanks for reporting and looking into this.
> On Jun 14, 2014, at 10:26 PM, "Michael Starks"
> wrote:
>
Yeah that was a bug that made it into 2.8. Looks like corrected this
in https://github.com/ossec/ossec-hids/pull/220 could you try this out?
* James MacLean [2014-06-07 12:27:00 -0700]:
Here is an example of the rule:
100109
Account Name:\s*\t*\S+\$\s*\t*\s*Account Domain:
Can you supply the full rule and an example log file so we can test and confirm
what you are seeing.
Thank you
> On Jun 7, 2014, at 10:16 AM, "James MacLean" wrote:
>
> My local_rules.xml had 2 regex expressions using \$. Both failed with 2.8.
>
> Replacing them with \. allowed ossec to sta
* BBcan177 [2014-06-05 13:50:25 -0700]:
http://www.openssl.org/news/secadv_20140605.txt
https://github.com/ossec/ossec-hids/issues/219 has been created to
address this CVE and OSSEC.
Thank you,
-Jeremy Rossi
Yeah been reviewing this but nothing has changed with ossec usage of OpenSSL in
any released versions of the code. Things to make note of is ossec-authd
makes use of OpenSSL but provides encrypted transport but zero, none, nada
authentication / authorization. So the bugs outline don't look to
Thank you created https://github.com/ossec/ossec-hids/issues/218
* Joe Fontes [2014-06-05 09:28:15 -0700]:
Anyone else getting a 404 when trying to grab the checksum for the 2.8
stable release?
Link here:
http://www.ossec.net/files/ossec-hids-2.8.checksum.txt
* Up [2014-06-04 09:21:22 -0700]:
Hello guys,
I just tried upgrade of ossec on my linux system(local) from
VERSION="v2.7.1"TYPE="local" to latest Latest Stable Release
(2.8)server/agent. But it seems there is no local type in it?
After running ./install.sh (I chose yes to both questions), my
* Aaron Hunter [2014-06-03 09:00:06 -0700]:
It's journald that concerns me the most. journald replaces (r)syslog
entirely. It does not provide syslog format log files nor even text based
log files. Instead, as I understand it, journald uses only a binary log
format. This means that the text for
I'm more interested in the firewalld piece.. :)
I know it's "just" iptables on the back end, but I think there may be
some really neat things we can do with firewalld...
:) cool would love to see some new action-response based on this. Do
you have anything in mind
k much).
Have you been following along with 2.8?
Thank you,
-Jeremy Rossi
--
Later,
Darin
* dan (ddp) [2014-06-03 08:01:37 -0400]:
On Tue, Jun 3, 2014 at 7:38 AM, Aaron Hunter wrote:
I wanted to know if the introduction of systemd and journald cause any
problems for OSSEC. I am preparing to test RHEL 7.0 and was hoping to hear
from others about any issues they may have encountered
It's wonderful that you guys are talking about OSSEC. But for the
others from around the world that don't understand vietnamese could you
please use English? Thank you.
I have not used active response for editing the registry, but I am sure
it could be done in a script. How you do this fo
* BP9906 [2014-05-30 14:42:09 -0700]:
I've been watching active responses lately and it seems like they don't
always generate an active response. I have the settings properly but I
would say the actual active response triggers about 25% of the time. I say
that because the alerts.log (and respect
* dan (ddp) [2014-05-30 17:12:08 -0400]:
On May 30, 2014 4:42 PM, "rgamurphy" wrote:
Maybe that's where my issue is then; confusing the key based auth with
what I know of similar systems and what's been proposed in issue 166. So,
the only verification is server of client keys and no way fo
6}@[a-zA-Z0-9_.-]{1,54}$"
- grep -E "^[a-zA-Z0-9_.-]{1,36}@[a-zA-Z0-9_.-]{1,54}$"
Sorry once again on train and don't have pull terminal access.
-Jeremy Rossi
* Hakisho Nukama [2014-05-28 09:07:32 +]:
Hi,
I've cloned the github repository just yesterday and run th
I really think this could be fixed and not hardcoded. Could you open a
ticket for this on http://github.com/osse/ossec-hids/issues thank you.
* Vasiliy Shpanskiy [2014-05-27 03:07:53 -0700]:
Hi, guys.
Sorry for my english ;)
I have some trouble with sending e-mail from OSSEC server. While
o
On May 23, 2014, at 6:53 PM, "BBcan177" wrote:
>>>
>>> I have been working on a script that downloads over 50 different Blocklists
>>> and performs a duplication check to reduce the size of the data. It can
>>> download .CSV, .TXT, .GZ, .ZIP files and also scrape from certain websites
>>> t
Some pre-auth logs don't have enough data when generated to have this data. I
don't know if this that type of messages. Anyway you could locate the original
event and export it so that we can review? I think you can export it as XML
on 2008/2012
> On May 22, 2014, at 6:22 AM, "AMMS" wrote:
s.
If so let's do that. Not hard to make XML Fields mandatory.
>
>> There were some other issues - mostly related to doing an "upgrade" vs clean
>> install. I will try to capture them all as best I can and report them.
>
> Please do.
>
>>>
* Janelle [2014-05-20 10:37:52 -0700]:
I did open an issue in github.
Thank you
ld welcome and accept pull
requests for. It would take a few working toward the over all goal. I
will help where I can.
Thank you, -Jeremy Rossi
Hi everyone --
In the beta of 2.8 having some issues with some strange rules I had working
that no longer work. Mostly with regards to "command monitoring" that uses
some odd things. For example - detecting duplicate UIDs in password files -
this is the command:
awk -F":" 'list[$3]++{print $3}' /e
Your example and errors do not line up. Your example would work as it matches
hh:mm format. Could you check that ?
> On May 18, 2014, at 12:06 PM, "Nguyễn Văn Hớn" wrote:
>
> How to set in ossec. i have set 5:30 pm – 8:30 am but it
> have error
> 2014/05/18 22:59:59 ossec-analysisd(1274):
> On Apr 24, 2014, at 12:03 PM, "dan (ddp)" wrote:
>
>> On Mon, Apr 21, 2014 at 12:10 AM, wrote:
>> Hello,
>>
>> Try chmod 775 -R /var/ossec .
>
> This doesn't seem like a bad idea to anyone else?
Sorry - yes it is very bad don't do this.
If you are having this much issue please reinst
Inline -
> On Apr 22, 2014, at 9:39 PM, "miguel.j...@gmail.com"
> wrote:
>
> Hello,
>
> A customer wishes me to write an OSSEC rule that checks if a srcip has
> performed 10 or more GET requests for a specific file in Apache/Nginx
> accesslogs, over the course of the last 24 hours. If they
This is my fault. I have build not building master and stable it is just
failing to push to s3 since I upgraded my server (damn you heartbleed ).
I will have sometime to fix this tonight and sorry about the troubles. (Blame
heartbleed like everything else ;) )
> On Apr 16, 2014, at 5:46 PM
One thing that needs to be tested and taken in to account in the upgrade
process used. Currently using ./install.sh will ask to update rules.
What do we want to do about this? This would also need the most testing
in my mind.
On Fri, Mar 21, 2014 at 2:52 PM, Vic Hargrave wrote:
I would ag
* Jason Frisvold [2014-03-21 15:32:51 -0400]:
Michael Starks wrote:
If you are experiencing a performance problem with this it might be a
bug. OSSEC is designed to evaluate logs in a tree-like fashion. It
should only check as many decoders and rules it needs to (maybe 3 or 4)
for each log befo
ld love to hear back on testing.
-Jeremy Rossi
* Michael Starks [2014-03-20 21:00:03 -0500]:
On 03/20/2014 02:02 PM, Vic Hargrave wrote:
One problem with this that I can see is keeping the rule ids for new
rules unique. We'd have to figure out how to set aside rule id ranges
that would serve as namespaces or at least log the ids used by p
No matter what we do it's hard and something that is just gonna take
grunt work and making sure pull requests to rules/decoders include
updates to the correct allocations files. We might want to script
something up to check with travis-ci?
-Jeremy Rossi
* Vic Hargrave [2014-03-20 17:3
Could you send the output. And some more details of the build environment. Thank
you.
> On Mar 20, 2014, at 4:02 PM, "brigg...@gmail.com" wrote:
>
> I am trying to get OSSEC installed on Solaris 11.1. Can you share with me
> what you did to get it to work? I am getting errors on "make all".
I can also help to setup travis-ci generation of tarballs, rpms, etc
and have it upload betas automatically.
It is wonderful that you can do the above. Thank you very much!
I will start playing with this again today. travis does not deploy
during pull requests that is fine.
I have a persona
the OSSEC community to see if it will
also help them and as always improvements and suggestions are welcome.
IMPORTANT: Please note do not use this or the puppet scripts in production.
I have done next to zero error checking and things *will* break.
Thank you,
-jeremy Rossi
https://github.com/ossec/ossec-hids/issues/147 To track this issue. I am
not able to reproduce it at this time, but I will be using this to test
some more. Please follow the github issue if you want to follow along with
updates.
On Thursday, December 19, 2013 5:42:54 PM UTC-5, Janelle wro
https://github.com/ossec/ossec-hids/issues/147 To track this issue. I am
not able to reproduce it at this time, but I will be using this to test
some more. Please follow the github issue if you want to follow along with
updates.
On Thursday, March 6, 2014 9:24:29 PM UTC-5, jtcour...@gmail.
* dan (ddp) [2014-03-18 12:10:20 -0400]:
On Tue, Mar 18, 2014 at 12:00 PM, Jeremy Rossi wrote:
Hope it helps; doing things like this should be done by a computer they
are better at it and it frees you up to do the fun and hard stuff.
Hope what helps? It's one more reason not t
# Use the Pull Requests Not the Commits
To create the release notes I would use the Pull Requests themselves.
They reflect a complete idea that is merged into master. There are also
all kinds of tools to help out with this. I started writing one in
python but I will let someo
I am going to propose a 2.8 release schedule. Feel free to comment on
dates and procedure below:
1) April 1st, 2014 --- From https://github.com/ossec/ossec-hids, fork
the repository to ossec-hids-2.8.
2) Start Alpha testing phase for 2 weeks. Only bug fixes will be
accepted to the ossec-hids-2
Sent from my iPhone
> On Mar 10, 2014, at 9:29 AM, "Julien T" wrote:
>
> Hello Jeremy,
>
>
> 2014-03-09 22:58 GMT-04:00 Jeremy Rossi :
>>>
>>> It's a work in progress. People interested can check it here
>>> https://trac.macp
* Julien T [2014-03-10 15:09:34 -0400]:
My 2 cents:
* obviously, need a stable release. If there any important
bugfix/securityfix, a 2.7.2 should be issued. else go for 2.8/3.0 whatever
naming you prefer.
This is no code for 2.7.2 we have nothing that fits
* after, I'm more for regular/progre
* Michael Starks [2014-03-10 10:11:19 -0500]:
On 03/08/2014 12:37 PM, Jeremy Rossi wrote:
As you noted, we have a lot of changes. Some of them are major. I'd
rather see a stable 2.7 branch maintained for awhile while we really
break away for 3.0.
I don't understand. Some of the
I think a 2.8 release soon is a good idea. I'm a fan of having deadlines
and regular releases. For example the deadline for any changes for 2.8 will
be on X date. Then do a regular release every 2 months for example so you
know the deadline for 2.8.1 ahead of time. That way people can plan their
t
is something I would like to know more
about. If you get some tests of this happening or if you have system
where you can run logtest 1000 times and get 1 random error I would love
to know as we can work together to get a tester built to see what is
going on.
Please comment/review
Thank you a
This is great. We have started to add json and zeromq output in git to make
things like this even simpler. I don't think the json format is perfect for
logstash but it might be worth checking out to make this simpler. Also please
let us know if there are ways to make this even better.
* Jeremy Rossi [2014-03-08 18:37:42 +]:
I think we should start a release. 2.8? We have a fair amount of
changes in since moving to github and looks like things are moving
great.
https://github.com/ossec/ossec-hids/pulse/monthly
- for an over view of the month in just ossec-hids
https
...master
- For all changes since the last release 2.7.1
Since we don't have a release process we should come up with that and
while do this release. Some testing and betas.
-Jeremy Rossi
As you noted, we have a lot of changes. Some of them are major. I'd
rather see a stable 2.7 branch
Some new decoder/rules syntax require a minimal version of OSSEC source to
run.
Suggest using a rule version numbering system that takes this into
consideration, and embed the version string in the comment of ...rules.xml
files.
For example, if 2.7.1-r000 is the default rules when OSSEC 2.7.1 was
/v2.7.1...master
- For all changes since the last release 2.7.1
Since we don't have a release process we should come up with that and
while do this release. Some testing and betas.
-Jeremy Rossi
the code base?
* What about lists?
I am down and will be more than happy to help.
-Jeremy Rossi
OSSEC does not use a regex to parse out the date on logs. Due to this
it depends on the Month being 3 chars:
OS_CleanMSG in analysis/cleanevent.c
I adding a check for this type of log file should not be hard, and
patches are welcome. I don't have a huge amount of time to look at this
right
I am gonna keep raising this a few more times but I am gonna start writing it
up.
Sent from my iPhone
> On Feb 20, 2014, at 10:37 AM, "Jeremy Rossi" wrote:
>
> Starting this thread I am looking for reasons and challenges not move in
> this direction. So please if
Starting this thread I am looking for reasons and challenges not move in
this direction. So please if you have a reason why this is bad, dumb,
crazy, and or insane. Please let us know
Making sure that all code in OSSEC compiles and runs on all Unixes is
hard, and limiting. I would like to sup
Sent from my iPhone
> On Feb 19, 2014, at 10:10 PM, "dan (ddp)" wrote:
>
>
> On Feb 19, 2014 10:08 PM, "Michael Starks"
> wrote:
> >
> > On 02/19/2014 10:59 AM, dan (ddp) wrote:
> >>
> >> I haven't tested our code for posix compliance, but I do know niche
> >> systems like hpux, solaris, an
Sent from my iPhone
> On Feb 19, 2014, at 12:23 PM, "dan (ddp)" wrote:
>
>> On Wed, Feb 19, 2014 at 12:20 PM, Jeremy Rossi
>> wrote:
>>
>>
>> Sent from my iPhone
>>
>>>> On Feb 19, 2014, at 11:59 AM, "dan (ddp)"
at this point in
> time.
I think the agent should be supported. We just have to be careful and get
accounts setup on http://www.polarhome.com to test agents from time to time
>
>> Later,
>> Darin
>>
>>
>>> On Wed, Feb 19, 2014 at 11:03 AM, Jeremy R
and be on their way.
>
> https://build.opensuse.org/package/view_file/home:deadpoint/ossec-hids/ossec-hids.spec?expand=1
> --
> Later,
> Darin
>
>
>> On Wed, Feb 19, 2014 at 11:03 AM, Jeremy Rossi
>> wrote:
>> Making sure that all code in OSSEC compiles
> the last 2 versions of Ubuntu or Fedora. It should be more like the last 2
> versions of Debian Stable or RHEL...
>
> --
> James Pulver
> CLASSE Computer Group
> Cornell University
>
>
> -Original Message-
> From: ossec-list@googlegroups.com [mail
ould
> build on any system following that standard, which is nearly all
> modern UNIX system.
> --
> Later,
> Darin
>
>
>> On Wed, Feb 19, 2014 at 11:03 AM, Jeremy Rossi
>> wrote:
>> Making sure that all code in OSSEC compiles and runs on all Unixes is
>
Making sure that all code in OSSEC compiles and runs on all Unixes is
hard, and limiting. I would like to support the Manager only on Modern
Unixes:
- Recent versions of BSD's
- Recent versions of Darwin
- Recent versions of Linux
This proposal is only for the manager. The agent should run on
Brad want to fork the ossec-docs on GitHub and add this to a cookbook section?
I think this cookbook section could help to solve problems for a lot of users
that just don't fit outside of a cookbook format.
Sent from my iPhone
> On Feb 11, 2014, at 10:43 AM, "Brad Lhotsky" wrote:
>
> You
Sorry for the late reply.
On Tue, 28 Jan 2014, Jeremy Rossi wrote:
## Announcement - OSSEC Moving to Github
Can we assume this also applies to ossec-wui?
Yes. We should have been more clear in the notification.
## 3) Port Open Pull Requests