[ossec-list] ossec blocked all ips? everywhere?

2017-07-11 Thread Cristian Lorenzetto
is there a condition where ossec blocks all incoming connections?

[ossec-list] Re: Announcement - OSSEC Moving to Github

2014-02-04 Thread cristian paul peñaranda rojas
Good news! On Tuesday, January 28, 2014 15:21:38 UTC-5, Jeremy Rossi wrote: ## Announcement - OSSEC Moving to Github OSSEC is moving from bitbucket to github, and in the process moving to a new method for accepting contributions. This is an exciting change that we feel will help

[ossec-list] Re: ar.conf not updated on agents

2013-05-23 Thread cristian
-remoted(1410): INFO: Reading authentication keys file. Is it normal to look for ar.conf in /etc/shared/ ?? On Wednesday, May 22, 2013 12:10:17 PM UTC-8, cristian wrote: Hi, I have a problem with active response on ossec hids 2.7 stable release [root@ossec1 etc]# /var/ossec/bin

[ossec-list] Re: ar.conf not updated on agents

2013-05-23 Thread cristian
I think I fixed it. On the ossec hids server the owner was root. Changed it to ossec and it worked. On Wednesday, May 22, 2013 12:10:17 PM UTC-8, cristian wrote: Hi, I have a problem with active response on ossec hids 2.7 stable release [root@ossec1 etc]# /var/ossec/bin

[ossec-list] ar.conf not updated on agents

2013-05-22 Thread cristian
to yes <ossec_config> <client> <server-ip>10.10.11.13</server-ip> </client> <active-response> <disabled>no</disabled> </active-response> am I missing something? Regards, Cristian

[ossec-list] Re: OSSEC-Failover

2012-09-17 Thread cristian paul peñaranda rojas
I don't have much experience with this, but why not just install ossec on a separate partition that is mirrored by a software raid that works over a network? On Sunday, September 16, 2012 1:30:36 AM UTC-5, SUMANT wrote: Hi All, We have two ossec servers, one primary and other standby

Re: [ossec-list] ossec not blocking attackers anymore

2012-07-12 Thread cosmaschi cristian
, 2012 at 9:59 PM, cosmaschi cristian cristicosmas...@gmail.com wrote: my last Active response log is from Mon Jun 4 21:23:43 EDT 2012 ups:| that's bad. Attached are ossec.conf and asterisk rules. Thanks So you have a very basic active response configuration. I think the host-deny

[ossec-list] ossec not blocking attackers anymore

2012-07-11 Thread cosmaschi cristian
Hello, I'm trying to debug ossec, following the http://www.ossec.net/doc/faq/unexpected.html example "If you have logs similar to the following in /var/ossec/queue/ossec/queue:". When I run tail -f /var/ossec/queue/ossec/queue I get tail: cannot open `/var/ossec/queue/ossec/queue' for

Re: [ossec-list] ossec not blocking attackers anymore

2012-07-11 Thread cosmaschi cristian
my last Active response log is from Mon Jun 4 21:23:43 EDT 2012 ups:| that's bad. Attached are ossec.conf and asterisk rules. Thanks On Wed, Jul 11, 2012 at 9:48 PM, dan (ddp) ddp...@gmail.com wrote: On Jul 11, 2012 9:43 PM, cosmaschi cristian cristicosmas...@gmail.com wrote: i see

Re: [ossec-list] ossec not blocking attackers anymore

2012-07-11 Thread cosmaschi cristian
The Web UI version I'm using is 0.3 On Wed, Jul 11, 2012 at 9:58 PM, Ivan Zenteno k001.opera...@gmail.com wrote: Dan, Ouch, you just killed me... Maybe Cristian doesn't know the netiquette in mail lists. Rules 2012/7/11 dan (ddp) ddp...@gmail.com On Jul 11, 2012 9:43 PM, cosmaschi

Re: [ossec-list] ossec not blocking attackers anymore

2012-07-11 Thread cosmaschi cristian
on server and agents. Thanks, On Wed, Jul 11, 2012 at 10:25 PM, cosmaschi cristian cristicosmas...@gmail.com wrote: The Web UI version I'm using is 0.3 On Wed, Jul 11, 2012 at 9:58 PM, Ivan Zenteno k001.opera...@gmail.com wrote: Dan, Ouch, you just killed me... Maybe Cristian doesn't

Re: [ossec-list] ossec not blocking attackers anymore

2012-07-11 Thread cosmaschi cristian
(level 10) - 'Login session failed (invalid extension).' Jul 11 22:55:12 hp22 asterisk[11715]: NOTICE[11747]: chan_sip.c:24170 in handle_request_register: Registration from 'sip:1...@hp22.xxx.com:5060' failed for '99.251.108.141:5060' - No matching peer found Kind Regards , Cristian On Wed, Jul 11

[ossec-list] false positive

2012-06-12 Thread cosmaschi cristian
Hello, I run asterisk and some aastra scripts. When I call aastra scripts from my IP phone I get false positives. How can I exclude aastra phones from being blocked by ossec? Alert list 2012 Jun 11 15:57:55 Rule Id: 31106 level: 6 Location: (Z09) xx.2x.1xx.xx4-/var/log/httpd/access_log Src

Re: [ossec-list] Memory and CPU requirement for Ossec Server/Client architecture

2010-11-18 Thread Cristian Paul Peñaranda Rojas
How many logs do you expect to collect per day, or per second? Do you have these measurements? Btw ossec can run on commodity hardware with no pain :)

Re: [ossec-list] OSSEC AIX 6.1?

2010-11-05 Thread cristian paul peñaranda rojas
On Fri, Nov 05, 2010 at 10:54:43AM -0400, Brennan, Joseph J (LABOR) wrote: Hi- I wanted to know if AIX 6.1 is supported with OSSEC? The web site just lists AIX 5.3 but I don't know if it is up to date or not Just make sure to install a recent/decent version of gcc and make, sure it will

Re: [ossec-list] 2WoO Day 5: Shared intelligence: what does an attack look like?

2010-10-21 Thread cristian paul peñaranda rojas
On Thu, Oct 21, 2010 at 07:34:48AM -0500, Michael Starks wrote: . What happens when a host is attacked? Something gets in our system What are the usual sequence of events that take place? How can OSSEC effectively detect these while keeping the noise down? Some suspicious traffic may be

Re: [ossec-list] Day 4: What bugs you: problems, challenges and room for improvement.

2010-10-20 Thread cristian paul peñaranda rojas
Lack of a good command line search tool to look through alert log archives (imagine doing that after 12 months of operation!!) Graphs, all people like them; we have text reports, but what about csv-like reports that later can be visualized using a chart? Is not a pain but wizard-like interface

Re: [ossec-list] 2WoO Day 2: Tell your story. How has OSSEC helped you?

2010-10-19 Thread cristian paul peñaranda rojas
Automatic responses are so neat, they save my time every day blocking bot IPs and also protecting my network against intruders using scapy and arp poisoning

Re: [ossec-list] 2WoO Day 3: Time to share: rules, configs, tips and tricks.

2010-10-19 Thread cristian paul peñaranda rojas
On Tue, Oct 19, 2010 at 07:24:30AM -0500, Michael Starks wrote: Post your rules, best-practices and so on. This is a great option for those who don't want to create something like a full blog post. Just reply with something quick and dirty. Post away! In decoders creation the \. save my time

Re: [ossec-list] OSSEC log size

2010-10-05 Thread cristian paul peñaranda rojas
Check this: http://www.ossec.net/wiki/Know_How:Ignore_Rules

[ossec-list] [p...@kristianpaul.org: [ossec-dev] Pound]

2010-02-16 Thread cristian paul peñaranda rojas
I'm just passing out a simple decoder/rule I did to catch interesting events from a pound proxy: It is too basic so far; I hope to expand it as soon as I get used to ossec and get the right security events to wait for. So please take a look and consider adding it to the next release :) Decoder: <!-- 2010 Feb 16