It's a very small section of code. Comment it out and recompile.
On Fri, Jul 29, 2011 at 8:15 PM, Joe Gedeon <[email protected]> wrote: > How can the be done now? We have just moved to all central agents and > need this feature to work. > > Joe > > On Fri, Jul 29, 2011 at 18:21, dan (ddp) <[email protected]> wrote: >> Sorry for asking for the agent.conf. This is a change that was made. >> Commands can no longer be configured through the agent.conf. >> https://bitbucket.org/dcid/ossec-hids/changeset/392c217c553b >> I'm not entirely sure why, but that's the way it is. >> >> On Fri, Jul 29, 2011 at 12:24 PM, BP9906 <[email protected]> wrote: >>> <agent_config os="Windows"> >>> <syscheck> >>> <!-- <frequency>31557600</frequency> --> >>> <scan_time>01:15</scan_time> >>> <scan_on_start>no</scan_on_start> >>> >>> </syscheck> >>> >>> <localfile> >>> <log_format>full_command</log_format> >>> <command>ver | find "5.0" >nul || reg QUERY HKLM\System >>> \CurrentControlSet\Enum\USBSTOR</command> >>> </localfile> >>> >>> <localfile> >>> <log_format>full_command</log_format> >>> <command>netstat -an | find "LISTEN" | find /V "127.0.0.1"</ >>> command> >>> </localfile> >>> >>> </agent_config> >>> >>> >>> On Jul 29, 9:03 am, "dan (ddp)" <[email protected]> wrote: >>>> Can you provide the agent.conf? >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> On Fri, Jul 29, 2011 at 11:32 AM, BP9906 <[email protected]> wrote: >>>> > Figured out that 2.6 doesnt like the full_command agent.conf section >>>> > and thats a bug. Reverting to 2.5.1 resolves the issue. >>>> >>>> > On Jul 28, 9:04 am, BP9906 <[email protected]> wrote: >>>> >> Hello, >>>> >> I added a few windows changes to the agent.conf file. After waiting a >>>> >> few hours for the agent.conf to get updated, I restarted the agent and >>>> >> noticed an odd error in the ossec.log: >>>> >>>> >> 011/07/28 08:44:33 ossec-agent: Received exit signal. >>>> >> 2011/07/28 08:44:33 ossec-agent: Exiting... >>>> >> 2011/07/28 08:44:33 ossec-agent: Remote commands are not accepted from >>>> >> the manager. Ignoring it on the agent.conf >>>> >> 2011/07/28 08:44:33 ossec-agent(1202): ERROR: Configuration error at >>>> >> 'shared/agent.conf'. Exiting. >>>> >> 2011/07/28 08:44:33 ossec-execd(1350): INFO: Active response disabled. >>>> >> Exiting. >>>> >> 2011/07/28 08:44:33 ossec-agent(1410): INFO: Reading authentication >>>> >> keys file. >>>> >>>> >> Oddly enough, different machine with 2.5 does not show this and has >>>> >> the same md5 agent.conf. >>>> >>>> >> I'm in process of downgrading the 2.6 agent to 2.5 and confirm >>>> >> resolution. >>>> >>>> >> Any ideas whats going on here? >> > > > > -- > Registered Linux User # 379282 >
