Re: [ossec-list] Solaris 10 install issue - Fatal error in reader: Makefile, line 4

2017-06-29 Thread Patrick Tobin
Not sure if this will help but these are the steps I took to build a binary installer for Solaris 10 (I did the same for 2.8.3 and it worked as well): Compile OSSEC on Solaris 10 with OPENSSL Support 1. Install opencsw pkgutil --> pkgadd -d http://get.opencsw.org/now 2. Install

[ossec-list] Solaris 10 install issue - Fatal error in reader: Makefile, line 4

2017-06-29 Thread Robert
I am having issues installing on Solaris 10 (i.e. Solaris 10 8/11 s10s_u10wos_17b SPARC) and am getting the error below when it tries to finish the install. 5- Installing the system - Running the Makefile make: Fatal error in reader: Makefile, line 4: Unexpected end of line seen Error 0x5.

Re: [ossec-list] Solaris 10 install issue - Fatal error in reader: Makefile, line 4

2017-06-29 Thread Eero Volotinen
what is output of: make --version as you can see from errormessage, problem is in the makefile. 2017-06-29 23:39 GMT+03:00 Robert : > I am having issues installing on Solaris 10 (i.e. Solaris 10 8/11 > s10s_u10wos_17b SPARC) and am getting the error below when it

Re: [ossec-list] Solaris 10 install issue - Fatal error in reader: Makefile, line 4

2017-06-29 Thread Eero Volotinen
you could also try to edit file src/makefile: find line 4: uname_S := $(shell sh -c 'uname -s 2>/dev/null || echo not') and replace it with uname_S=SunOS and try again.. Eero 2017-06-30 2:04 GMT+03:00 Eero Volotinen : > what is output of: > > make --version > > >

[ossec-list] Re: Block ssh user ip after failed login attempt in OSSEC

2017-06-29 Thread Jesus Linares
Remember that you need to restart OSSEC after changing the rules. Also, you can use *ossec-logest* to test your rules. Regards. On Thursday, June 29, 2017 at 11:25:17 AM UTC+2, Rahul Tiwari wrote: > > I tired this but its not working any other rule or something which i need > to add. > As i m

[ossec-list] Re: About the user login/login failed alert

2017-06-29 Thread miguelangel
Hi, You need to set the "frequency" attribute in rule 5712 to "1", this attribute set the number of time (+2) that a rule needs to match to fire an alert, by default the 5712 will show an alert when the 5710 appears at least 8 times, changing to "1" will fire at 3th attempt. Please check

Re: [ossec-list] OSSEC Active Response Block on pattern-matched SSH user logins

2017-06-29 Thread Rahul Tiwari
0down votefavorite I need to block the user ip after 3 times login failed attempt in ossec I tried below in sshd_rules file 5716 Multiple SSHD authentication failures.