Re: [ossec-list] OSSEC install on Solaris 9

2017-06-26 Thread Mathew Habicht
Here is one way

5- Installing the system
- Running the Makefile
mksh: Fatal error: Cannot load command `/usr/ccs/bin': Bad file number
Current working directory /export/ossec-hids-2.8.1/src
*** Error code 1
make: Fatal error: Command failed for target `all'
Error 0x5.
Building error.

Re: [ossec-list] OSSEC install on Solaris 9

2017-06-26 Thread Eero Volotinen
Do you have a compiler installed on the system?

Eero

26.6.2017 9.37 PM "Mathew Habicht" wrote:

> Here is one way
>
> 5- Installing the system
> - Running the Makefile
> mksh: Fatal error: Cannot load command `/usr/ccs/bin': Bad file number
> Current working

Re: [ossec-list] OSSEC install on Solaris 9

2017-06-26 Thread Mathew Habicht
# gcc --version
gcc (GCC) 4.7.2
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# cc --version
/usr/ucb/cc: language optional software package

[ossec-list] OSSEC install on Solaris 9

2017-06-26 Thread Mathew Habicht
I am attempting to install OSSEC 2.8.1 on a SPARC Solaris 9 server, but I am having compiler issues and the install will not complete. Are there instructions that are specific to installing on Solaris 9? I have found all the errors I am seeing but all the resolutions are for Solaris 10.

Re: [ossec-list] OSSEC install on Solaris 9

2017-06-26 Thread Mathew Habicht
Yes, I added 4 packages. 1-GCC and 3-LIB

On Monday, June 26, 2017 at 3:06:33 PM UTC-4, Eero Volotinen wrote:
>
> Do you have a compiler installed on the system?
>
> Eero
>
> 26.6.2017 9.37 PM "Mathew Habicht" wrote:
>
>> Here is one way
>>
>> 5- Installing the system

Re: [ossec-list] OSSEC install on Solaris 9

2017-06-26 Thread Eero Volotinen
So, you are using the Sun compiler instead of gcc. Just fix that issue.

26.6.2017 10.32 PM "Mathew Habicht" wrote:

> # gcc --version
> gcc (GCC) 4.7.2
> Copyright (C) 2012 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions.

Re: [ossec-list] OSSEC block vulnerability scanners head user_agent

2017-06-26 Thread Jesus Linares
What is the output of ossec-logtest? Once you have a rule for that event, you can create an active response.

Regards.

On Sunday, June 25, 2017 at 12:06:23 AM UTC+2, Fredrik Hilmersson wrote:
>
> I spoke too early, still getting spammed ...
>
> On Saturday, June 24, 2017 at 22:20:13 UTC+2 wrote

Re: [ossec-list] Passing entire log line to Active Response script - how?

2017-06-26 Thread Jesus Linares
Hi,

active response only accepts *user* and *srcip* as arguments. So, you need to create a decoder to extract the log as user or srcip. I'm not sure if this regex will work: "^(\.+)$".

I hope it helps.

On Sunday, June 25, 2017 at 7:06:31 PM UTC+2, dan (ddpbsd) wrote:
>
>
> > On Jun 25, 2017

Re: [ossec-list] ossec on cent os 7

2017-06-26 Thread Jesus Linares
Hi,

keep in mind that the previous link is for OSSEC 2.8.2 and the latest release is v2.9.1. I recommend that you install OSSEC from packages, here

Re: [ossec-list] OSSEC block vulnerability scanners head user_agent

2017-06-26 Thread Fredrik Hilmersson
Hello Jesus,

So, I think I've got the rule to work.

1. Rule:

31101
web-accesslog
Jorgee$
Jorgee vulnerability scanner

2. Logtest output:

SRCIP - - [26/Jun/2017:08:38:43 +0200] "HEAD http://HOSTIP:80/phpmyadmin4/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee
**Phase 1: Completed

Re: [ossec-list] OSSEC block vulnerability scanners head user_agent

2017-06-26 Thread Jesus Linares
Good job. Also, you can block the IP using active response.

Regards.

On Monday, June 26, 2017 at 11:12:02 AM UTC+2, Fredrik Hilmersson wrote:
>
> Hello Jesus,
>
> So, I think I've got the rule to work.
>
> 1. Rule:
>
>
> 31101
>