Re: [ossec-list] Re: How to Get System Information using Agent in Ossec?

2019-02-28 Thread Patrick Tobin
If you want an OSSEC fork with this built-in, I believe Wazuh has this, as well as integration with VirusTotal. https://documentation.wazuh.com/current/user-manual/capabilities/osquery.html?highlight=osquery Thanks, Pat

Re: [ossec-list] Solaris 10 install issue - Fatal error in reader: Makefile, line 4

2017-06-29 Thread Patrick Tobin
Not sure if this will help but these are the steps I took to build a binary installer for Solaris 10 (I did the same for 2.8.3 and it worked as well): Compile OSSEC on Solaris 10 with OPENSSL Support 1. Install opencsw pkgutil --> pkgadd -d http://get.opencsw.org/now 2. Install OPENSSL

Re: [ossec-list] Re: Deleting the OSSEC agent 'queue' directory

2017-04-20 Thread Patrick Tobin
of change history between versions at a point in time, I guess. On 04/20/2017 01:41 PM, Patrick Tobin wrote: > Here is my solution if you are using active response and allow remote commands. > > AR Script (/var/ossec/active-response/bin/fix-var.sh) >

Re: [ossec-list] Re: Deleting the OSSEC agent 'queue' directory

2017-04-20 Thread Patrick Tobin
Here is my solution if you are using active response and allow remote commands. AR Script (/var/ossec/active-response/bin/fix-var.sh):
    #!/bin/bash
    ARCommand='rm -rf /var/ossec/queue/diff/local/'
    RDate=`date`
    LOG=/var/ossec/logs/ar.log
    date >> ${LOG}
    $ARCommand >> ${LOG}
AR Rule (/var/ossec/rules/

Re: [ossec-list] Creating Custom System_Audit Checks for Password Complexity

2016-06-27 Thread Patrick Tobin
Thanks Pedro! I was actually able to get it working with the below. Pretty much what you have but in one line. [RHEL Password Complexity Configuration: Password Expiration is greater than 60 days] [any] [1] f:$login_defs -> r:^PASS_MAX_DAYS && r:61|62|63|64|65|66|67|68|69|7\d+|8\d+|9\d+|1\d\d+|

Re: [ossec-list] Re: Hiring: OSSEC guru

2016-06-02 Thread Patrick Tobin
I’d be interested if it can be ‘anywhere’.

RE: [ossec-list] Ossec logrotate

2015-11-09 Thread Patrick Tobin
I use logrotate to rotate the OSSEC log on the server. Below is my config in /etc/logrotate.conf.
    /var/ossec/logs/ossec.log {
        daily
        copytruncate
        create 660 ossec ossec
        rotate 10
    }
Thanks, Patrick