On Fri, Apr 28, 2017 at 3:07 PM, Nikki S wrote:
> With tcpdump, I do see traffic getting to the server. Since the syscheck is
> only enabled every 22 hours, I was wondering what the other traffic is!
>
> How can I verify if log monitoring has been turned off?
>
Check
No changes have been made to the configuration file!
# ./ossec-control restart
cat: /var/ossec/var/start-script-lock/pid: No such file or directory
cat: /var/ossec/var/start-script-lock/pid: No such file or directory
cat: /var/ossec/var/start-script-lock/pid: No such file or directory
cat:
With tcpdump, I do see traffic getting to the server. Since the syscheck is
only enabled every 22 hours, I was wondering what the other traffic is!
How can I verify if log monitoring has been turned off?
Thank you!
On Thursday, April 27, 2017 at 5:42:34 PM UTC-4, dan (ddpbsd) wrote:
>
> On
DUH! I wasn't running the command as SU! Feel really stupid right now :D
On Friday, April 28, 2017 at 3:55:35 PM UTC-4, Nikki S wrote:
>
> No changes have been made to the configuration file!
>
>
> # ./ossec-control restart
> cat: /var/ossec/var/start-script-lock/pid: No such file or directory
>
# df -i
Filesystem               Inodes    IUsed    IFree    IUse%  Mounted on
/dev/mapper/centos-root  18358272  89206    18269066  1%    /
devtmpfs                 998801    349      998452    1%    /dev
tmpfs                    1001403   1        1001402   1%    /dev/shm
tmpfs                    1001403   464      1000939
The new cool thing amongst evil hackers is to use ssh-forwarding with
stolen credentials to bounce connections.
Has anyone done tracking of tcpforwarding to strange ports or just
unreasonably many connections?
The only way to track this I can think of is to fire an active
response each time a
2017/04/28 15:54:58 ossec-analysisd(1103): ERROR: Unable to open file
'queue/fts/fts-queue'.
2017/04/28 15:54:58 ossec-testrule(1260): ERROR: Error initiating FTS list
On Friday, April 28, 2017 at 3:55:35 PM UTC-4, Nikki S wrote:
>
> No changes have been made to the configuration file!
>
>
> #
Hi,
You are right, Tony. The syntax for *ossec.conf* is not user-friendly. You
must think of it in the following way:
If it is a yes/no setting, it will be overwritten if the parser finds
the same setting further down. Example:
yes
no
The final value will be 'no'.
However, if the setting is