Re: [ossec-list] OpenBSD 6 - Real Monitoring

2016-09-30 Thread R0me0 ***
latest stable 2.8.3 neither openbsd_inotify from your repository compiles.

ldconfig -r | fgrep inotify
linotify.2.0 => /usr/local/lib/inotify/libinotify.so.2.0

Thank you. If you need anything else let me know.

2016-09-30 17:25 GMT-03:00 dan (ddp):
> On Sep 30, 2016

Re: [ossec-list] OpenBSD 6 - Real Monitoring

2016-09-30 Thread dan (ddp)
On Sep 30, 2016 3:44 PM, "R0me0 ***" wrote:
>
> Dan I have cloned openbsd_inotify
>
> and it isn't compiling
>
> + -I/usr/local/include/inotify
>
> ifeq (${uname_S},OpenBSD)
> # DEFINES+=-DOpenBSD
> DEFINES+=-pthread
>

Re: [ossec-list] OpenBSD 6 - Real Monitoring

2016-09-30 Thread R0me0 ***
Dan I have cloned openbsd_inotify and it isn't compiling

+ -I/usr/local/include/inotify

ifeq (${uname_S},OpenBSD)
# DEFINES+=-DOpenBSD
DEFINES+=-pthread
LUA_PLAT=posix
CFLAGS+=-I/usr/local/include -I/usr/local/include/inotify

Re: [ossec-list] OpenBSD 6 - Real Monitoring

2016-09-30 Thread R0me0 ***
I am using the 2.8.3 version and it is a little bit different. Anyway, I have made all the changes in the source files without success. Another very interesting point is: report_changes=yes isn't reporting the diffs, just sum changes. Thank you guys! Really, really appreciated your help! :)

Re: [ossec-list] OpenBSD 6 - Real Monitoring

2016-09-30 Thread dan (ddp)
On Fri, Sep 30, 2016 at 11:07 AM, R0me0 *** wrote:
> Taking a better look within the Makeall file, the flag to compile is:
> echo "EEXTRA=-DUSEINOTIFY" >> Config.OS
>
> tmp/ossec-hids-2.8.3/src/syscheckd/run_realtime.c:172: undefined reference to `inotify_add_watch'
> collect2:

Re: [ossec-list] Re: reindexing logs

2016-09-30 Thread Jose Luis Ruiz
Hi Roberto, nice news :) Please feel free to send a pull request to Wazuh and Ossec with your improvements and new rules; the Ossec community will appreciate it.

Regards
---
Jose Luis Ruiz
Wazuh Inc.
j...@wazuh.com

On September 30, 2016 at 9:00:32 AM,

Re: [ossec-list] OpenBSD 6 - Real Monitoring

2016-09-30 Thread R0me0 ***
Taking a better look within the Makeall file, the flag to compile is:

echo "EEXTRA=-DUSEINOTIFY" >> Config.OS

tmp/ossec-hids-2.8.3/src/syscheckd/run_realtime.c:172: undefined reference to `inotify_add_watch'
collect2: ld returned 1 exit status
*** Error 1 in syscheckd (Makefile:15 'syscheck')

[ossec-list] running ossec-analysisd or ossec-logtest and getting: ERROR: Invalid element in the configuration: 'decoder'

2016-09-30 Thread Rui Da-Costa
I stripped the default file to try and isolate; the only thing I have in the file now is: (pam_unix)$ How can I debug this further? I am running the 2.8.3 AUR version for Arch Linux (https://aur.archlinux.org/packages/ossec-agent/).

Thanks in advance,
R

Re: [ossec-list] OpenBSD 6 - Real Monitoring

2016-09-30 Thread dan (ddp)
On Fri, Sep 30, 2016 at 9:49 AM, R0me0 *** wrote:
> @dann I already set CFLAGS including the include directory of inotify.h without success
>

I've gotten it to compile and not give me errors, but I also don't see any realtime alerts. I'll have to find a simple inotify testing

Re: [ossec-list] OpenBSD 6 - Real Monitoring

2016-09-30 Thread R0me0 ***
@dann I already set CFLAGS including the include directory of inotify.h without success

@Victor without success :(

I'll keep researching. Thank you guys.

2016-09-30 8:12 GMT-03:00 Victor Fernandez:
> Hello,
>
> I've never done this on OpenBSD, but try to force the inotify

Re: [ossec-list] Re: reindexing logs

2016-09-30 Thread roberto . mendonca
Hi Jose! The script worked beautifully! hehe Thanks very much! Outside of this topic, I'm thinking of improving the rules for some Windows security events. I don't know if there is already a topic or work on it. For OSSEC to generate alerts, for example, on the login types: And then would release on

[ossec-list] Ossec Naming Conventions

2016-09-30 Thread EvilZ
Hi everyone, I would like to know if Ossec uses a NetBIOS naming convention where the name must be less than 14 characters, because I noticed a few servers which will not connect and realized it was because they are 15 characters. However, there are other servers which are active and yet have the same

Re: [ossec-list] Windows Eventlogs

2016-09-30 Thread Victor Fernandez
Hi Kumar, please ensure that the folders "tmp" and "bookmarks" have full permissions for the "SYSTEM" user and the "Administrators" group. Regarding the usage of Event Channel, it's advisable and almost necessary, since if your system has certain Windows monitoring events activated, such events

[ossec-list] Re: OSSEC - sudo

2016-09-30 Thread Victor Fernandez
Hi Kumar, the ossec group is intended to access shared files and write only to logs and queues, but not to settings and rules files. Nevertheless, if you need to write those files, it's more secure to create a new user, add it to the ossec group and give it the needed permissions that run

Re: [ossec-list] Re: How to change the OSSEC installation directory in windows

2016-09-30 Thread Victor Fernandez
Hi Dustin. Since OSSEC is installed on another partition, and I suppose that it won't be overwritten when you recreate the C: partition, the OSSEC settings and the key will remain unaltered. On the other hand, we are working on an Auth version for Windows clients, so you are able to request

Re: [ossec-list] OpenBSD 6 - Real Monitoring

2016-09-30 Thread Victor Fernandez
Hello,

I've never done this on OpenBSD, but try to force the inotify support with Make:

cd src
make TARGET=agent USE_INOTIFY=yes

Hope it helps. Regards.

On Friday, September 30, 2016 at 12:38:30 AM UTC+2, dan (ddpbsd) wrote:
>
> On Sep 29, 2016 4:10 PM, "R0me0 ***"
>