Re: [ossec-list] Finaly got it

Wed, 15 Dec 2010 12:32:24 -0800

cool !
can you share your final scripts?

On 12/15/2010 02:58 PM, [email protected] wrote:

Hi

 

  Finaly got exactly what I want 

To get there I made a new decoder in /ossec/etc/local_decoder.xml

Corrected the method in /opt/rules/local_rules.xml

Restarted the server  and voila! It works

 

Thank

Dan

 

OSSEC HIDS Notification.

2010 Dec 15 15:10:19

 

Received From: cdpqda->/var/log/perm.log

Rule: 100021 fired (level 10) -> "World-writable File"

Portion of the log(s):

 

Wrong file permissions in -rwxrwxrwx /cdpq/coco

 

 

 

 --END OF NOTIFICATION

 

 

 

OSSEC HIDS Notification.

2010 Dec 15 15:10:19

 

Received From: cdpqda->/var/log/perm.log

Rule: 100021 fired (level 10) -> "World-writable File"

Portion of the log(s):

 

Wrong file permissions in -rw-rw-rw- /cdpq/coco123

 

 

 

 --END OF NOTIFICATION

 

 

 

OSSEC HIDS Notification.

2010 Dec 15 15:10:19

 

Received From: cdpqda->/var/log/perm.log

Rule: 100021 fired (level 10) -> "World-writable File"

Portion of the log(s):

 

Wrong file permissions in -rwxrwxrwx /cdpq/mama

 

 

 

 --END OF NOTIFICATION

 

 

 

OSSEC HIDS Notification.

2010 Dec 15 15:10:19

 

Received From: cdpqda->/var/log/perm.log

Rule: 100021 fired (level 10) -> "World-writable File"

Portion of the log(s):

 

Wrong file permissions in -rw-rw-rw- /cdpq/mama123

 

 

 

 --END OF NOTIFICATION

 

 

 

OSSEC HIDS Notification.

2010 Dec 15 15:10:19

 

Received From: cdpqda->/var/log/perm.log

Rule: 100021 fired (level 10) -> "World-writable File"

Portion of the log(s):

 

Wrong file permissions in -rw-rw-rw- /users/assed/cdpqda.txt

 

 

 

 --END OF NOTIFICATION

 

 

 

OSSEC HIDS Notification.

2010 Dec 15 15:10:19

 

Received From: cdpqda->/var/log/perm.log

Rule: 100021 fired (level 10) -> "World-writable File"

Portion of the log(s):

 

Wrong file permissions in -rw-rw-rw- /users/assed/cis-cat.out

 

 

 

 --END OF NOTIFICATION

 

 

 

OSSEC HIDS Notification.

2010 Dec 15 15:10:19

 

Received From: cdpqda->/var/log/perm.log

Rule: 100021 fired (level 10) -> "World-writable File"

Portion of the log(s):

 

Wrong file permissions in -rw-rw-rw- /users/assed/cis-gsm-out

 

 

 

 --END OF NOTIFICATION

 

 

 

OSSEC HIDS Notification.

2010 Dec 15 15:10:19

 

Received From: cdpqda->/var/log/perm.log

Rule: 100021 fired (level 10) -> "World-writable File"

Portion of the log(s):

 

Wrong file permissions in -rwxrwxrwx /users/assed/per-sort2.pl

 

 

 

 --END OF NOTIFICATION

 

 

 

OSSEC HIDS Notification.

2010 Dec 15 15:10:19

 

Received From: cdpqda->/var/log/perm.log

Rule: 100021 fired (level 10) -> "World-writable File"

Portion of the log(s):

 

Wrong file permissions in -rw-rw-rw- /etc/cocomo

 

 

 

 --END OF NOTIFICATION

 

 

 

OSSEC HIDS Notification.

2010 Dec 15 15:10:21

 

Received From: cdpqda->/var/log/perm.log

Rule: 100021 fired (level 10) -> "World-writable File"

Portion of the log(s):

 

Wrong file permissions in -rwxrwxrwx /cdpq/coco

 

 

 

 --END OF NOTIFICATION

 

 

 

OSSEC HIDS Notification.

2010 Dec 15 15:10:21

 

Received From: cdpqda->/var/log/perm.log

Rule: 100021 fired (level 10) -> "World-writable File"

Portion of the log(s):

 

Wrong file permissions in -rw-rw-rw- /cdpq/coco123

 

 

 

 --END OF NOTIFICATION

 

 

 

OSSEC HIDS Notification.

2010 Dec 15 15:10:21

 

Received From: cdpqda->/var/log/perm.log

Rule: 100021 fired (level 10) -> "World-writable File"

Portion of the log(s):

 

Wrong file permissions in -rwxrwxrwx /cdpq/mama

 

 

 

 

 


Avis de confidentialité : Ce courriel et les pièces qui y sont jointes contiennent de l'information confidentielle et peuvent être protégés par le secret professionnel ou constituer de l’information privilégiée. Ils sont destinés à l'usage exclusif de la (des) personne(s) à qui ils sont adressés. Si vous n'êtes pas le destinataire visé ou la personne chargée de transmettre ce document à son destinataire, vous êtes avisé par la présente que toute divulgation, reproduction, copie, distribution ou autre utilisation de cette information est strictement interdite. Si vous avez reçu ce courriel par erreur, veuillez en aviser immédiatement l’expéditeur par téléphone ainsi que détruire et effacer l'information que vous avez reçue de tout disque dur ou autre média sur lequel elle peut être enregistrée et ne pas en conserver de copie. Merci de votre collaboration.
Notice of Confidentiality: This electronic mail message, including any attachments, is confidential and may be privileged and protected by professional secrecy. They are intended for the exclusive use of the addressee. If you are not the intended addressee or the person responsible for delivering this document to the intended addressee, you are hereby advised that any disclosure, reproduction, copy, distribution or other use of this information is strictly forbidden. If you have received this document by mistake, please immediately inform the sender by telephone, destroy and delete the information received from any hard disk or any media on which it may have been registered and do not keep any copy. Thank you for your cooperation.
 

-- 
R. Loyd Darby, OSSIM-OCSE
Project Manager DOC/NOAA/NMFS
Infrastructure coordinator
Southeast Fisheries Science Center
305-361-4297

Reply via email to