Re: [ossec-list] CentOS 7

2015-09-17 Thread Jason 'XenoPhage' Frisvold
here : http://repo.godshell.com Based on the atomic stuff, with some of their extras removed. - -- - --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com - --- “Space,” it says, “is big. Really big. You just won’t believe how vastly, hugely, mindbogglingly

Re: [ossec-list] Regarding installation of OSSEC in Linux systems

2012-11-16 Thread Jason 'XenoPhage' Frisvold
On Nov 16, 2012, at 7:37 AM, Eero Volotinen eero.voloti...@iki.fi wrote: You can also use SELinux with ossec, but it requires some tuning.. Any idea if there's a how-to out there identifying how to do this? -- Eero

Re: [ossec-list] OSSEC Symposium Summer 2012, July 12-13, Cupertino, CA

2012-06-05 Thread Jason 'XenoPhage' Frisvold
Not to be distrustful, but why would trend micro announce this and put the sign up page on a non-trend micro domain? And announce via a gmail address? I smell a scam... - Friz On Jun 5, 2012, at 6:48 PM, JB jjoob...@gmail.com wrote: Trend Micro has announced the first OSSEC Symposium to

Re: [ossec-list] Web Server Trouble

2012-01-23 Thread Jason 'XenoPhage' Frisvold
as bad. It's probably something simple. I haven't had a chance to fully test Moodle as of yet, but I expect there will be a number of items that need to be handled in order to make it all run smoothly. Incidentally, is this Moodle 1 or 2?

Re: [ossec-list] how to clone

2012-01-18 Thread Jason 'XenoPhage' Frisvold
On Jan 18, 2012, at 8:34 AM, dan (ddp) wrote: In that case it's as simple as `hg clone https://bitbucket.org/dcid/ossec-hids` Right, right.. Mercurial clone.. I've got git on the brain these days.. :P

Re: [ossec-list] how to clone

2012-01-17 Thread Jason 'XenoPhage' Frisvold
to clone with ossec install on Ubuntu advance thanks for help --- Jason 'XenoPhage' Frisvold xenoph...@godshell.com --- Any sufficiently advanced magic is indistinguishable from technology. - Niven's Inverse of Clarke's Third Law

Re: [ossec-list] 2.6 compile error on RHEL3u9

2012-01-11 Thread Jason 'XenoPhage' Frisvold
to be built with openssl. RHEL 3.9? That's a bit old at this point, no? Redhat end-of-lifed that in October of 2010, which means you're not getting security updates anymore.. I'd recommend getting onto something newer ..

[ossec-list] Whitelisting by server

2012-01-09 Thread Jason 'XenoPhage' Frisvold
or storage servers. I don't see a very easy way to do this, though.. Thoughts?

Re: [ossec-list] OSSEC RPM

2012-01-06 Thread Jason 'XenoPhage' Frisvold

Re: [ossec-list] OSSEC RPM

2012-01-06 Thread Jason 'XenoPhage' Frisvold
with the permissions? I'll post here in next few days once it's finished. Yes, PLEEZE! - Trey

Re: [ossec-list] OSSEC RPM

2012-01-05 Thread Jason 'XenoPhage' Frisvold
On 01/05/2012 01:21 AM, Joe S wrote: That does help. I'm trying to do the same thing. You can find the SRPM I created on my site : http://godshell.com/software

Re: [ossec-list] rpm agent howto set it up to a remote ossec server

2011-11-25 Thread Jason 'XenoPhage' Frisvold
for the server IP. We don't currently provide RPMs. Where did you get this one? RPMs aren't really meant to be interactive, so this sort of this is actually expected. The RPM I built has just a generic config file used for all setups.

Re: [ossec-list] latest spec file - 2.6?

2011-10-14 Thread Jason 'XenoPhage' Frisvold
on improvements. What features are you referring to? Thanks to all and if I can help, just let me know. -K

Re: [ossec-list] Integrity check functionality

2011-10-12 Thread Jason 'XenoPhage' Frisvold
.. Credit where credit is due. I believe I put the author information in the notes.. And if I didn't, then I need to fix that..

Re: [ossec-list] latest spec file - 2.6?

2011-10-12 Thread Jason 'XenoPhage' Frisvold
.. Now I need to go look and see what makes yours so cool.. ;) Anything major in there? Something I should add? Or maybe we all get together and make official ones for OSSEC and get Dan's blessing? - Trey

Re: [ossec-list] Integrity check functionality

2011-10-12 Thread Jason 'XenoPhage' Frisvold
On Oct 12, 2011, at 1:58 PM, dan (ddp) wrote: The srpm is yours. I understand the patches are not. I'm pretty sure they were accurately labeled. Cool. Just want to make sure I'm not getting credit for something I didn't do.. :)

Re: [ossec-list] latest spec file - 2.6?

2011-10-12 Thread Jason 'XenoPhage' Frisvold
something together.. Perhaps Trey and I should put our heads together.. Anyone else interested?

Re: [ossec-list] Integrity check functionality

2011-10-11 Thread Jason 'XenoPhage' Frisvold
On Oct 11, 2011, at 9:25 AM, dan (ddp) wrote: It currently does not rotate ossec.log. Well.. Then it's working as expected. We should fix that, though.. :)

Re: [ossec-list] latest spec file - 2.6?

2011-10-10 Thread Jason 'XenoPhage' Frisvold
on my site : http://godshell.com/software It includes a few patches, but starts with pristine source. It should be easy enough to remove the patches if that's what you're after. It's based on the AtomicTurtle spec. thanks ~k

Re: [ossec-list] Third Annual Week of OSSEC

2011-09-28 Thread Jason 'XenoPhage' Frisvold
. Everyone has a talent. Sharing made OSSEC what it is today and I hope this can be the biggest year yet! Speaking of cyber security month.. Anyone headed to DerbyCon this weekend?

Re: [ossec-list] All Agents offline

2011-09-10 Thread Jason 'XenoPhage' Frisvold

Re: [ossec-list] All Agents offline

2011-09-10 Thread Jason 'XenoPhage' Frisvold
to make is having it check the agent status directly instead of relying on ossec-control. Any chance you'd share the script? I've been meaning to learn Python.. :P

Re: [ossec-list] Rule not firing properly?

2011-08-17 Thread Jason 'XenoPhage' Frisvold
, is working. Yes, execd is running. This is the master server, but also the server where these active responses should be firing.

[ossec-list] Rule not firing properly?

2011-08-15 Thread Jason 'XenoPhage' Frisvold

Re: [ossec-list] Rule not firing properly?

2011-08-15 Thread Jason 'XenoPhage' Frisvold
</location> <level>6</level> <timeout>21600</timeout> <repeated_offenders>720,1440,10080</repeated_offenders> </active-response> I'm at a loss.. Any thoughts?

Re: [ossec-list] Defcon 19

2011-08-06 Thread Jason 'XenoPhage' Frisvold
On Aug 5, 2011, at 7:42 PM, oscar schneider wrote: Hey, anyone around here on DefCon and like to meet? I wish... I'll be at DerbyCon in the fall.. Anyone headed there? Cheers, oscar

Re: [ossec-list] Re: Monitoring logins via btmp and wtmp

2011-08-03 Thread Jason 'XenoPhage' Frisvold

Re: [ossec-list] OSSEC v2.6 released

2011-07-19 Thread Jason 'XenoPhage' Frisvold
shortly for this new release.. :) *The GPG key was changed as well. So make sure to download the new one before verifying the package. Thanks! Daniel B. Cid (in name of the OSSEC + Trend team) d...@ossec.net

Re: [ossec-list] Enhanced OSSEC: Agent Config Profiles now supports inheritance/merging

2011-07-07 Thread Jason 'XenoPhage' Frisvold
encounter any problems with the site or the RPMS. Thanks!

Re: [ossec-list] Re: Alert level 0 in rule and frequency

2011-07-07 Thread Jason 'XenoPhage' Frisvold
? Might this work similar to how the active responses work? ie, put the higher trigger before the lower one. So if the 6x trigger is rule 10005 and the 12x is 10015, then flip the sids putting the 12x first. TIA!

Re: [ossec-list] if_sid vs if_matched_sid

2011-06-28 Thread Jason 'XenoPhage' Frisvold
anything fancy with it. But I can definitely update the above. Feel free to fork it, modify it, etc. And/or create issues on bitbucket for me. I should be savvy enough to figure this out.. :P hginit.com here I come! dan

[ossec-list] if_sid vs if_matched_sid

2011-06-27 Thread Jason 'XenoPhage' Frisvold
the community can update it?

Re: [ossec-list] Re: active-response question on the ossec server Options

2011-06-20 Thread Jason 'XenoPhage' Frisvold
this myself as of yet. Too chicken.. :P Do you have any other active response blocks in your config, or just the one with location all ? Are you verifying the lack of block via logs, or by checking iptables directly?

Re: [ossec-list] Enhanced OSSEC to support agent profile configurations

2011-06-15 Thread Jason 'XenoPhage' Frisvold
to learn how to use git so I can start contributing rules.. :) Thanks!

Re: [ossec-list] Re: shared config being distributed to ALL hosts

2011-06-15 Thread Jason 'XenoPhage' Frisvold
for windows might look like. Enjoy.

Re: [ossec-list] Enhanced OSSEC to support agent profile configurations

2011-06-10 Thread Jason 'XenoPhage' Frisvold
.. I like being able to use merging to create profiles for disparate parts and combine them together as needed.

Re: [ossec-list] Anti-DDoS Rule

2011-06-10 Thread Jason 'XenoPhage' Frisvold
On 06/08/2011 02:38 PM, Jason 'XenoPhage' Frisvold wrote: Hi all, I'm trying to put together a rudimentary anti-DDoS rule in OSSEC and I could use a hand .. Basically, I'm looking to block anyone who excessively hits a web server

Re: [ossec-list] Anti-DDoS Rule

2011-06-10 Thread Jason 'XenoPhage' Frisvold

Re: [ossec-list] Re: Web Interface parsing with beta 2.6

2011-06-10 Thread Jason 'XenoPhage' Frisvold

Re: [ossec-list] Active Responses triggered but no events logged

2011-06-09 Thread Jason 'XenoPhage' Frisvold
expecting? It logged the active response that was triggered.. ? Thanks - Trey

Re: [ossec-list] Re: OSSEC 2.6 beta-1 available

2011-06-09 Thread Jason 'XenoPhage' Frisvold
. http://www.godshell.com/software This was initially built by modifying the atomic RPM. I haven't kept up with what changes I've made since then, though. As always, at your own risk. Thanks - Trey

[ossec-list] Anti-DDoS Rule

2011-06-08 Thread Jason 'XenoPhage' Frisvold
=500 timeframe=60> <if_matched_sid>31100</if_matched_sid> <same_source_ip /> <description>Excessive access, Temporary block</description> </rule> This seems to be correct, but I can't get it to trigger with ossec-logtest .. Any tips? Thanks,

Re: [ossec-list] OSSEC 2.6 beta-1 available

2011-06-07 Thread Jason 'XenoPhage' Frisvold
-syscheckd... Started ossec-monitord... Completed. What's the 127 mean? Leftover debug? Thanks,

Re: [ossec-list] Installation and use without root access?

2011-04-16 Thread Jason 'XenoPhage' Frisvold
as an unprivileged user significantly reduce the functionality?

Re: [ossec-list] OSSEC server won't bind to 1514/UDP...

2011-03-24 Thread Jason 'XenoPhage' Frisvold
, 2011 at 9:25 AM, Jason 'XenoPhage' Frisvold xenoph...@godshell.com wrote: On 03/22/2011 11:10 PM, Eric Hansen wrote: Lol, the only thing I'm beginning to wonder is that Arch Linux, for one reason or another, isn't liking OSSEC. Correct, the server cannot bind

Re: [ossec-list] OSSEC server won't bind to 1514/UDP...

2011-03-23 Thread Jason 'XenoPhage' Frisvold
know arch has some peculiar (at least to me) ways of doing things, but I thought that was just my own unfamiliarity with the system. You used install.sh to set up the server, yes?

Re: [ossec-list] OSSEC server won't bind to 1514/UDP...

2011-03-22 Thread Jason 'XenoPhage' Frisvold
running, perhaps because of directory permissions problems. On my install, the shared directory is owned by ossec.ossec and has permissions of 770 .

Re: [ossec-list] ossec-logtest error

2011-03-21 Thread Jason 'XenoPhage' Frisvold

Re: [ossec-list] OSSEC server won't bind to 1514/UDP...

2011-03-21 Thread Jason 'XenoPhage' Frisvold
On 03/18/2011 11:43 PM, Eric Hansen wrote: That I did. Are you running selinux, perchance? When your work speaks for itself, don’t interrupt. – Henry J. Kaiser

Re: [ossec-list] OSSEC server won't bind to 1514/UDP...

2011-03-18 Thread Jason 'XenoPhage' Frisvold
manage_agent?

Re: [ossec-list] 404 Not Found

2011-03-15 Thread Jason 'XenoPhage' Frisvold
and it looks pretty nice. The ossec plugin was already updated for it.

Re: [ossec-list] ossec centralized configuration

2011-03-14 Thread Jason 'XenoPhage' Frisvold
everything as concise as I could to make it more readable. I'll see if I can take a look at the OSSEC manual itself and try to make it more readable.

Re: [ossec-list] ossec centralized configuration

2011-03-14 Thread Jason 'XenoPhage' Frisvold
. Typically the agent.conf is sent from the server to the client within the first few seconds so a restart causes the client to properly see the agent.conf file and act accordingly.

Re: [ossec-list] ossec centralized configuration

2011-03-14 Thread Jason 'XenoPhage' Frisvold

Re: [ossec-list] How to check active response has been activated or not ??

2011-03-14 Thread Jason 'XenoPhage' Frisvold
the active-response.log file and fire off an email/alert when a new entry is added. It's simple to do, and helps solve the notification problem. On Wed, Mar 2, 2011 at 2:18 PM, Tanishk Lakhaani tanishk2...@gmail.com wrote:

Re: [ossec-list] 404 Not Found

2011-03-14 Thread Jason 'XenoPhage' Frisvold
to be well supported or updated at this point. Splunk with the free OSSEC splunk plugin works wonderfully. I wonder if it's worth removing the wui altogether from the OSSEC site or at least marking it as unsupported.

Re: [ossec-list] Maybe a false positive with rule 510

2011-03-14 Thread Jason 'XenoPhage' Frisvold
the same explanation.

Re: [ossec-list] Re: Deletion of log data

2011-03-14 Thread Jason 'XenoPhage' Frisvold
specifically reference syscheck in the rules themselves.

Re: [ossec-list] Local_rules.xml ... public repository ?

2011-03-09 Thread Jason 'XenoPhage' Frisvold
a centralized rules repository to be useful, though, and I think OSSEC should have an official one, whether that's run by OSSEC or by a community member.

[ossec-list] syscheck alert information

2011-02-28 Thread Jason 'XenoPhage' Frisvold
, ctime, and permissions. Does any of this functionality exist currently? (A quick search doesn't turn anything up) Or perhaps is it something that can be added for 2.6 or 2.7 ? Thanks,

Re: [ossec-list] syscheck alert information

2011-02-28 Thread Jason 'XenoPhage' Frisvold
.. :) As long as it's on there and the right people have the wishlist, I'll be satisfied. dan

Re: [ossec-list] File and folder monitoring

2011-02-23 Thread Jason 'XenoPhage' Frisvold
<frequency>7200</frequency> <auto_ignore>no</auto_ignore> <alert_new_files>yes</alert_new_files> <directories check_all="yes">/etc</directories> </syscheck> Chad Hammond

Re: [ossec-list] OSSEC in the Enterprise

2011-01-21 Thread Jason 'XenoPhage' Frisvold
in my deployment.

Re: [ossec-list] ossec agent and logs

2011-01-21 Thread Jason 'XenoPhage' Frisvold
, but it works really well.

Re: [ossec-list] Re: ossec agent and logs

2011-01-21 Thread Jason 'XenoPhage' Frisvold
forwarder is a full splunk install with just a few items turned on. This new forwarder, I believe they're calling it the ultra light forwarder, will be stripped down to the bare minimum.

Re: [ossec-list] Re: high availability solution

2011-01-21 Thread Jason 'XenoPhage' Frisvold
it should just work without any sync... I was planning on syncing the RIDs .. The RIDs shouldn't change unless a new agent is added, right? What's the security impact of disabling the RIDs? What does that open me up for? Daniel B. Cid Thanks,

Re: [ossec-list] Different active response durations for each level

2011-01-06 Thread Jason 'XenoPhage' Frisvold
level has to come first. I'm using this in production already. :)

Re: [ossec-list] Error in destination mail with agent created with IP address = any

2011-01-06 Thread Jason 'XenoPhage' Frisvold
was to disable email grouping, but that just results in more email. :)

Re: [ossec-list] Consolidate active-response.logs

2010-12-31 Thread Jason 'XenoPhage' Frisvold
, but should work. You! With your inescapable logic! ... Thanks. :) I should have thought of that... :P

Re: [ossec-list] Consolidate active-response.logs

2010-12-30 Thread Jason 'XenoPhage' Frisvold
On Dec 30, 2010, at 4:55 PM, Saket saketbajo...@gmail.com wrote: Hi, Is there a way to consolidate all the active-response.log file from all the agents? It is difficult to access each agents active-response.log, I am presuming there is a way to consolidate all the active-response.log in

[ossec-list] Happy Holidays!

2010-12-25 Thread Jason 'XenoPhage' Frisvold
knowledge!

Re: [ossec-list] Strange Alert

2010-12-08 Thread Jason 'XenoPhage' Frisvold
before posting. :)

[ossec-list] Strange Alert

2010-12-07 Thread Jason 'XenoPhage' Frisvold
. 2010 Dec 07 09:22:47 Received From: (myServer) 192.168.0.1-ossec-keepalive Rule: 1002 fired (level 2) - Unknown problem somewhere in the system. Portion of the log(s): --MARK--: *IccQ?lots of gobbledegook here --END OF NOTIFICATION

Re: [ossec-list] Active response against external hardware.

2010-12-01 Thread Jason 'XenoPhage' Frisvold
elsewhere.. Or give a clue as to how you construct your passwords.

Re: [ossec-list] Daily Report have blank body, data is part of subject line

2010-11-19 Thread Jason 'XenoPhage' Frisvold
smtpd, and probably sendmail. So those will be the start of a does work list. Anyone want to contribute to this list? qmail works fine as well.

Re: [ossec-list] Re: Bug report for OSSEC 2.5.1 (ftpd-mac-failure decoder in decoder.xml)

2010-10-31 Thread Jason 'XenoPhage' Frisvold
as well as those that may have square brackets.

Re: [ossec-list] Handling directory traversal false positives

2010-10-25 Thread Jason 'XenoPhage' Frisvold
On Oct 21, 2010, at 8:15 PM, Jason 'XenoPhage' Frisvold wrote: I find myself struggling with how to handle directory traversal false positives. The following happily triggers rule 31104 and active response blocks the IP. 204.41.5.50 - - [21

Re: [ossec-list] Email alerting options

2010-10-23 Thread Jason 'XenoPhage' Frisvold
in the log, however. TIA!

Re: [ossec-list] 2WoO Day 7: Supporting New Applications the Right Way

2010-10-23 Thread Jason 'XenoPhage' Frisvold
/archives/278-WoO-Day-7-Tidbits.html

Re: [ossec-list] Day 7: Making it happen: who, what, when and how?

2010-10-23 Thread Jason 'XenoPhage' Frisvold
is on my list of things to do in my spare time. What is this spare time you speak of..

Re: [ossec-list] 2WoO Day 5: Taming File Integrity Alerts

2010-10-21 Thread Jason 'XenoPhage' Frisvold
/archives/276-WoO-Day-5-Decoders-Unite!.html

Re: [ossec-list] Day 4: What bugs you: problems, challenges and room for improvement.

2010-10-21 Thread Jason 'XenoPhage' Frisvold
.. There is a free version of splunk that works with plugins..

Re: [ossec-list] Day 4: What bugs you: problems, challenges and room for improvement.

2010-10-21 Thread Jason 'XenoPhage' Frisvold
that prevent installation of new versions of the rules?

[ossec-list] Handling directory traversal false positives

2010-10-21 Thread Jason 'XenoPhage' Frisvold
to alter it so it detects two or more directories being traversed, but I can think of a few ways to defeat that too.. So, how do I handle this? Thanks,

Re: [ossec-list] Day 4: What bugs you: problems, challenges and room for improvement.

2010-10-20 Thread Jason 'XenoPhage' Frisvold
that.

Re: [ossec-list] 2WoO Day 3: Abusing OSSEC – the Countermeasures

2010-10-19 Thread Jason 'XenoPhage' Frisvold
-Meet-the-agent.html Feel free to leave comments, I crave feedback! :)

Re: [ossec-list] 2WoO Day 2: Abusing OSSEC

2010-10-18 Thread Jason 'XenoPhage' Frisvold

Re: [ossec-list] 2WoO Day 2: Tell your story. How has OSSEC helped you?

2010-10-18 Thread Jason 'XenoPhage' Frisvold
more about OSSEC, I'm sure I'll unlock even more capability that I'm not even aware of yet. This is becoming one of the more powerful tools in my security belt and I'm excited to see what comes next.

Re: [ossec-list] Re: Duplicate active response

2010-10-15 Thread Jason 'XenoPhage' Frisvold

Re: [ossec-list] OSSEC 2.5 Question

2010-10-13 Thread Jason 'XenoPhage' Frisvold
On Oct 13, 2010, at 9:57 AM, ddp...@gmail.com wrote: Not that I'm aware of. Last time I checked the source and Windows packages were there, just hadn't been signed yet. Signed and out now.. :)

[ossec-list] Reports ?

2010-10-12 Thread Jason 'XenoPhage' Frisvold
...@mydomain.com</email_to> </reports> When exactly should this report run? I have yet to receive an email ... This has been in place for about 2 days now.. Is this misconfigured? Am I missing something? Thanks,

Re: [ossec-list] Reports ?

2010-10-12 Thread Jason 'XenoPhage' Frisvold
made a bunch of changes to see this thing fire.. :)

Re: [ossec-list] Re: v2.5 logcollector problem?

2010-10-10 Thread Jason 'XenoPhage' Frisvold
. Logcollector was segfaulting. Daniel Cid resolved the problem. The fix will be in 2.5.1 when that's released, which apparently will be real soon now ... :)

Re: [ossec-list] Re: v2.5 logcollector problem?

2010-10-10 Thread Jason 'XenoPhage' Frisvold

Re: [ossec-list] Re: v2.5 logcollector problem?

2010-10-10 Thread Jason 'XenoPhage' Frisvold

[ossec-list] agent_config os attribute

2010-10-10 Thread Jason 'XenoPhage' Frisvold
2.4.x or similar)? Thanks!

[ossec-list] All I want for Christmas ...

2010-10-10 Thread Jason 'XenoPhage' Frisvold
of it..

Re: [ossec-list] Re: report_changes Option Crashes remoted

2010-10-07 Thread Jason 'XenoPhage' Frisvold
Will this eventually end up as a 2.5.1 release? Should have fixed it. thanks,

Re: [ossec-list] question

2010-10-04 Thread Jason 'XenoPhage' Frisvold
a role here in that you can use it to monitor the syslog traffic from the ASA and alert on problems, take action when it detects attacks, etc. [1] http://www.shrubbery.net/rancid

[ossec-list] OSSEC Website Error

2010-09-28 Thread Jason 'XenoPhage' Frisvold
Not sure who's in charge of the site, but the downloads page shows v2.4 with a v2.5 package for download.. :)
