Hello
I have created multiple entries on the server for agents with the IP address
fixed to any, because the agents are behind a firewall and they are
seen by the server with its public IP.
All is working fine except when the agent fires too many rules. Server
side the rule is affected to the wrong
of the netstat command to make sure it hasn't
changed.
On Tue, Oct 19, 2010 at 10:36 AM, tux3132 tux3...@gmail.com wrote:
Hi
I have this level 7 alert fired by #510 rule:
Port '40848'(tcp) hidden. Kernel-level rootkit or trojaned version of
netstat
No other alerts of this level since one month ...
Is this a false positive ? (I hope ... )
Best regards.
, tux3132 tux3...@gmail.com wrote:
Hi
I have the following configuration for active response configured as
following :
<command>
  <name>firewall_drop</name>
  <executable>firewall-drop.sh</executable>
  <expect>srcip</expect>
  <timeout_allowed>yes</timeout_allowed>
</command>
<active-response>
  <command>firewall_drop</command>
No one has ever encountered this problem ?
On 10 oct, 15:48, tux3132 tux3...@gmail.com wrote:
I
I have installed OSSEC 2.5 on Debian Lenny and all is working fine.
I have created a command :
<command>
  <name>firewall_drop</name>
  <executable>firewall-drop.sh</executable>
  <expect>srcip
to be unique (or a
CIDR range, and /32 is too small of a range).
On Fri, Oct 15, 2010 at 4:35 AM, tux3132 tux3...@gmail.com wrote:
I
I have installed one agent on a (linux) host on a private network
behind a firewall connected to the net with a static public IP
address. This agent contact
<agent_id>#agent</agent_id>
Thank you for your help.
Best regards.
On 15 oct, 15:56, dan (ddp) ddp...@gmail.com wrote:
On Sun, Oct 10, 2010 at 9:48 AM, tux3132 tux3...@gmail.com wrote:
I
I have installed OSSEC 2.5 on Debian Lenny and all is working fine.
I have created a command :
<command>
  <name>firewall_drop</name>
  <executable>firewall-drop.sh</executable>
  <expect>srcip</expect>
  <timeout_allowed>yes</timeout_allowed>
</command>
and two active-response, one for each agents