Re: [ossec-list] failing installation on OS X 10.8.2

2013-04-03 Thread sempai
On Monday, March 11, 2013 1:10:42 PM UTC-5, dan (ddpbsd) wrote: > > On Mon, Mar 11, 2013 at 1:57 PM, hays > > wrote: > > Dan, > > While I'm thinking about it, here's a patch for folks to test > (extensively) > > for the osx105-addusers.sh. Personally, using UID 600-2 scares me a bit > > since

Re: [ossec-list] ossec and hypervisors?

2012-09-10 Thread sempai
On Mon, Sep 10, 2012 at 10:38 AM, dkoleary wrote: > > Does anyone know if vmware's hypervisor (vSphere??) is an actual OS on > which we can install anything, much less OSSEC? > For my VMWare ESX/vsphere use I'm just having the hypervisor send syslog. The level of effort and scalability of ossec-

Re: [ossec-list] OSSEC WUI

2012-05-04 Thread sempai
I believe the assumption is that the user who wants the ossec-wui will be able to set file permissions correctly and read their web server error log. What did you see when you looked at the server error log? What permissions did you set on that directory and the files therein? On 3 May 2012,

Re: [ossec-list] Web Server Trouble

2012-01-25 Thread sempai
I alert and block on many but not all web servers for precisely this reason, but I knew what Active Response did before I turned it on and complained about it working. There are a lot of vulnerability probes and assessment tools that look specifically for certain urls and generate 404s while

Re: [ossec-list] How to solve this problem

2012-01-18 Thread sempai
This isn't an OSSEC issue, so I'm not sure why you're asking about it here. Five seconds on Google will show you that it's a problem with a parameter being passed to that disk by hdparm. If you don't want that error to occur, fix it. If you don't want OSSEC to tell you about it, suppress the

Re: [ossec-list] Re: Installation and use without root access?

2011-05-09 Thread sempai
On Fri, May 6, 2011 at 1:40 PM, dan (ddp) wrote: > It can't switch because you're not root. Make sure "sudo -u ossec" > changes the group as well (and/or try it with "-g ossec" as well). > You may run into other problems running the daemon processes though. > For those you'd have to break out a t

[ossec-list] Re: Installation and use without root access?

2011-05-06 Thread sempai
On Apr 18, 11:12 am, Michael Starks wrote: >  OSSEC can be administered with someone who has sudo access to >  impersonate/become the ossec user account. I tried this several years >  ago. I recall that there was one daemon that failed to start because it >  started as root and then dropped privile

Re: [ossec-list] differences between ossec versions

2011-04-23 Thread sempai
You should look at the following products and projects: - ISS RealSecure - McAfee Endpoint Protection - Symantec Endpoint Protection - Cisco CSA - Tripwire Changes are usually announced here: http://www.ossec.net/main/category/news On Saturday, April 23, 2011 at 7:57 AM, moazami wrote: > Hi,

Re: [ossec-list] netstat anomaly on solaris

2011-04-21 Thread sempai
fwiw, I have seen this behavior frequently on very busy mail relays that open and close sockets very quickly and have large process tables. It's 'jitter' from processes exiting. On Thursday, April 21, 2011 at 4:45 PM, Castle, Shane wrote: I dunno. Logic sez that if it's not netstat, it's a ro

[ossec-list] Installation and use without root access?

2011-04-14 Thread sempai
Hello, I'm in a position where it would be advantageous to run ossec-hids as a server by an unprivileged user. Has anyone already gone down this road before and written documentation or shared their installation details?