Re: [ossec-list] disable-account

2011-09-22 Thread dan (ddp)
On Mon, Sep 19, 2011 at 6:32 PM, Damien Hull wrote: > Thanks for the info. I'll give your idea a try. Still wish I could get > the disable-account feature working. Would like to see in action even > if I shouldn't use it. > Here: First fix the disable-account.sh script. Change the log line to:

Re: [ossec-list] disable-account

2011-09-19 Thread Damien Hull
Thanks for the info. I'll give your idea a try. Still wish I could get the disable-account feature working. Would like to see in action even if I shouldn't use it. On Sep 19, 2011, at 12:31 PM, Joe Gedeon wrote: > There is another option which will help secure your Linux builds. > Normal users s

Re: [ossec-list] disable-account

2011-09-19 Thread Joe Gedeon
There is another option which will help secure your Linux builds. Normal users should not be able to run such commands as su or sudo. Move those to another group, change the permissions, and only add the users that should be allowed to use those commands to the group that you created for that. Hav

Re: [ossec-list] disable-account

2011-09-19 Thread Damien Hull
Well I haven't seen any documentation on disable-account. I was hoping to find an example. As far as I can tell no one is using this. Can anyone share an active-response configuration for the disable-account command? The disable-account command is in the default configuration. It's missing an act

Re: [ossec-list] disable-account

2011-09-19 Thread dan (ddp)
On Sep 19, 2011 1:13 PM, "Damien Hull" wrote: > > It means I've tried several rules and nothing seems to work. I'm surprised nobody seems to know how this option works. > I know how it works. You're just making very little sense. I ask for configurations and you give bits and pieces. You're makin

Re: [ossec-list] disable-account

2011-09-19 Thread Damien Hull
It means I've tried several rules and nothing seems to work. I'm surprised nobody seems to know how this option works. Does anyone use anything other than the default configuration? Sent from my iPhone On Sep 19, 2011, at 9:05 AM, "dan (ddp)" wrote: On Sep 19, 2011 12:56 PM, "Damien Hull" wr

Re: [ossec-list] disable-account

2011-09-19 Thread dan (ddp)
On Sep 19, 2011 12:56 PM, "Damien Hull" wrote: > > I had a rule in my config for level 6. I also tried to add a rules_id. No luck. > You had a rule? What does this mean? > I'm not trying to disable the root account. I'm trying to disable the > account of the attacker. Let's say the user "Mickey"

Re: [ossec-list] disable-account

2011-09-19 Thread Damien Hull
I had a rule in my config for level 6. I also tried to add a rules_id. No luck. I'm not trying to disable the root account. I'm trying to disable the account of the attacker. Let's say the user "Mickey" tries to su to root. If that user types the correct password they will get in. If they type the

Re: [ossec-list] disable-account

2011-09-19 Thread Steven Stern
Disabling root seems like a nice path to a DoS. You'd probably do better to use a rule to block the offending IP rather than killing root's account. (Hint from hard personal experience: Exclude your own IP from the rule.) On 09/19/2011 10:56 AM, dan (ddp) wrote: > > On Sep 19, 2011 11:53 AM, "

Re: [ossec-list] disable-account

2011-09-19 Thread dan (ddp)
On Sep 19, 2011 11:53 AM, "Damien Hull" wrote: > > Here's my configuration for disable-account. It doesn't work. I'm not sure I understand how it works. I was hoping a user would get kicked off the system after too many failed login attempts. I tried to "su" to root and type in the wrong password.

Re: [ossec-list] disable-account

2011-09-19 Thread Damien Hull
Here's my configuration for disable-account. It doesn't work. I'm not sure I understand how it works. I was hoping a user would get kicked off the system after too many failed login attempts. I tried to "su" to root and type in the wrong password. I get an email from OSSEC but that's it. The user i

Re: [ossec-list] disable-account

2011-09-18 Thread dan (ddp)
Why not share your configuration so we can try to help? On Sep 18, 2011 9:40 PM, "Damien Hull" wrote: > I just reinstalled OSSEC and configured "disable-account". No luck. It > doesn't work. > > Are there any instructions for this? > > Sent from my iPhone > > On Sep 18, 2011, at 2:09 PM, Eero Volo

Re: [ossec-list] disable-account

2011-09-18 Thread Damien Hull
I just reinstalled OSSEC and configured "disable-account". No luck. It doesn't work. Are there any instructions for this? Sent from my iPhone On Sep 18, 2011, at 2:09 PM, Eero Volotinen wrote: > 2011/9/19 Damien Hull : >> I just installed OSSEC version 2.6 on ubuntu 10.04. I tried to >> config

Re: [ossec-list] disable-account

2011-09-18 Thread Damien Hull
Active response should be enabled. I might reinstall just to make sure. On Sep 18, 2011, at 2:09 PM, Eero Volotinen wrote: > 2011/9/19 Damien Hull : >> I just installed OSSEC version 2.6 on ubuntu 10.04. I tried to >> configure OSSEC to disable a user account with no luck. >> >> I tested it by t

Re: [ossec-list] disable-account

2011-09-18 Thread Eero Volotinen
2011/9/19 Damien Hull : > I just installed OSSEC version 2.6 on ubuntu 10.04. I tried to > configure OSSEC to disable a user account with no luck. > > I tested it by typing the wrong password into "su". I get an email but > the account is still active. > > How do I disable user accounts with OSSEC?

[ossec-list] disable-account

2011-09-18 Thread Damien Hull
I just installed OSSEC version 2.6 on ubuntu 10.04. I tried to configure OSSEC to disable a user account with no luck. I tested it by typing the wrong password into "su". I get an email but the account is still active. How do I disable user accounts with OSSEC?