Thanks for the links, I had been wondering if there were tools like these. However, has anyone run into any trouble with syscheck_control seg faulting on Fedora 9?
Well, let me be a bit more specific (IP addresses removed from info).

The following command fails:

[EMAIL PROTECTED] bin]# ./syscheck_control -i 001

Integrity changes for agent 'harp (001) - ':
Segmentation fault

and ossec reports

Oct 1 17:27:11 menace kernel: syscheck_contro[6818]: segfault at 8 ip 6cc461 sp 7fff0b659380 error 4 in libc-2.8.so[62f000+162000]

but the following works just fine

[EMAIL PROTECTED] bin]# ./syscheck_control -i 001 -f ossec

Integrity changes for agent 'harp (001) - 130.68.4.82':
Detailed information for entries matching: 'ossec'

2008 Oct 01 16:34:00,0 - /var/ossec/etc/ossec.conf
File added to the database.
Integrity checking values:
   Size: 2428
   Perm: r--r-----
   Uid: 0
   Gid: 504
   Md5: 9ce39facef5d9dd3a9379f82898ee14d
   Sha1: 608a28d729ec7409f5ae8879fd49a12b7564dba1

19974 Mar 25 07:32:03,0 - /var/ossec/etc/ossec.conf
File changed. - 1st time modified.
Integrity checking values:
   Size: >3129
   Perm: r--r-----
   Uid: 0
   Gid: 504
   Md5: >e3e41ddc592fe7fa26d4cd6604333e45
   Sha1: >3793141962eced5e0e783db4605a2615b6b1ce33

Bryan Jacobs wrote:
> Yes sir... the following did the trick!
>
> /var/ossec/bin/agent_control -r -u 000
>
> Thank You!
>
> On Sun, 2008-09-28 at 23:03 -0200, Rodrigo Montoro(Sp0oKeR) wrote:
>> Try
>>
>> http://www.ossec.net/dcid/?p=130
>>
>> http://www.ossec.net/dcid/?p=142
>>
>> Hope it helps!
>>
>> Regards,
>>
>> Rodrigo Montoro(Sp0oKeR)
>>
>> On Sun, Sep 28, 2008 at 7:21 AM, Byran Jacobs <[EMAIL PROTECTED]> wrote:
>>
>>     How do I manually invoke a system check? I have a few laptops that
>>     OSSEC is installed on and they do not get used all that often, but when
>>     they do I usually run updates on them, do what I need to, and shut them
>>     down. I would like to manually run a system check after the updates
>>     have been installed/run so all alerts of changed files will be processed
>>     at the time the updates are run and not weeks/months later when the
>>     laptop(s) are turned back on and used.
>>
>>     Thanks In Advance,
>>
>>     BKJ
>>
>> --
>> ===========================
>> Rodrigo Montoro (Sp0oKeR)
>> Security Analyst
>> SnortCP / RHCE / LPIC-I / MCSO
>> http://www.spooker.com.br
>> http://www.snort.org.br
>> http://www.linkedin.com/in/spooker
>> ===========================
