[ossec-list] ossec-sysc 100% CPU spike

2015-03-27 Thread PAL 18
Randomly nearly every day, ossec-sysc uses 100% CPU for a few minutes and then it returns to normal. Any idea why this is happening and how to stop it? I have scan frequency set to 1440 minutes, but it's running every 5 to 8 minutes instead. Why is it running so often every few minutes instead

[ossec-list] Invalid decoder name: 'bro-ids'.

2014-06-08 Thread PAL 18
I upgraded OSSEC, and on service startup I get this error: ossec-analysisd: Configuration error. Exiting. In ossec.log, I tracked it down to: 2014/06/08 14:27:00 ossec-testrule: INFO: Reading local decoder file. 2014/06/08 14:27:00 ossec-analysisd: Invalid decoder name: 'bro-ids'. 2014/06/08 14:

[ossec-list] Re: 1 zombie process after starting 2.8

2014-06-08 Thread PAL 18
Same thing here. On Wednesday, June 4, 2014 12:59:37 PM UTC-4, Steven Stern wrote: > > # ps -ef |grep ossec > ossecm 17982 1 0 11:55 ?00:00:00 /var/ossec/bin/ossec-maild > root 17984 1 0 11:55 ?00:00:00 /var/ossec/bin/ossec-execd > ossec17990 1 0 11:55 ?

Re: [ossec-list] Integrity checksum changed for: '/usr/bin/from'

2014-06-04 Thread PAL 18
provide /usr/bin/from (fr$ On Wednesday, June 4, 2014 1:08:36 PM UTC-4, Steven Stern wrote: > > Check your package updater's logs. > > On 06/04/2014 07:51 AM, dan (ddp) wrote: > > On Wed, Jun 4, 2014 at 4:53 AM, PAL 18 > wrote: > >> I just got this a few minutes a

[ossec-list] Integrity checksum changed for: '/usr/bin/from'

2014-06-04 Thread PAL 18
I just got this a few minutes ago and I wasn't logged into the box. Should I be worried? Has my server been hacked? Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/usr/bin/from' Old md5sum was: '24dc25d90a3eca83ee42f2532f33e174

Re: [ossec-list] Port scan blocking not working

2014-05-26 Thread PAL 18
No, everything configuration-wise is still vanilla (aside from what the installer asked me). How would I do that? On Monday, May 26, 2014 4:49:27 PM UTC-4, dan (ddpbsd) wrote: > > > On May 26, 2014 3:25 PM, "PAL 18" > > wrote: > > > > Port scan blocking doe

[ossec-list] Port scan blocking not working

2014-05-26 Thread PAL 18
Port scan blocking doesn't appear to be working. I scanned with nmap (on a different computer) and with a web based tool and OSSEC didn't send me any email alerts about the scans (I get alerts for other things). All active response rules are set to defaults. I thought maybe it was because bloc

Re: [ossec-list] Firewall

2014-05-23 Thread PAL 18
Ah, thanks for clearing it up for me ;) -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit http

[ossec-list] Change OSSEC manager listen port?

2014-05-23 Thread PAL 18
Is it possible to change the OSSEC manager listen port? If so, how? Thanks in advance.

Re: [ossec-list] Blocklists?

2014-05-23 Thread PAL 18
For anyone else who wants to use lists, get them at https://www.iblocklist.com/ $10 a year gets you access to all the paid lists (Squidblacklist, etc.) On Friday, May 23, 2014 2:58:29 PM UTC-4, dan (ddpbsd) wrote: > > On Fri, May 23, 2014 at 2:55 PM, PAL 18 > > wrote: > >

[ossec-list] Firewall

2014-05-23 Thread PAL 18
I'm a little confused about what OSSEC can do. Do I still need a firewall (Iptables) set up to block ports or does OSSEC have its own firewall? If it has its own, how do I open/close ports?

Re: [ossec-list] Blocklists?

2014-05-23 Thread PAL 18
Does OSSEC work on top of Iptables? If so, I'll just use iptables to block the ranges. On Friday, May 23, 2014 2:08:37 PM UTC-4, Michael Starks wrote: > > On 05/23/2014 12:28 PM, PAL 18 wrote: > > Can you share the script you've made? > > Ideally, OSSEC would have a f

Re: [ossec-list] Blocklists?

2014-05-23 Thread PAL 18
Can you share the script you've made? On Friday, May 23, 2014 9:16:00 AM UTC-4, dan (ddpbsd) wrote: > > On Fri, May 23, 2014 at 9:14 AM, dan (ddp) > > wrote: > > On Thu, May 22, 2014 at 11:25 PM, PAL 18 > > wrote: > >> Does OSSEC support blocklists? (D

[ossec-list] Blocklists?

2014-05-22 Thread PAL 18
Does OSSEC support blocklists? (Dshield, Spamhaus, etc.) In particular, does it support automatically pulling the latest lists from their update URLs?