On Fri, Jun 14, 2013 at 6:42 AM, Adam <[email protected]> wrote:
> As a small aside:
>
> What OS are the test systems you use for developing OSSEC? As on a previous
> thread you said it was hard to get solaris testers. I'm currently setting up
> a VM as a dedicated OSSEC server, and could easily swap to CentOS or Ubuntu
> for this, if this will be quicker/more robust.
>
I can't speak for anyone else, but I generally use OpenBSD. I
occasionally use various linuxes and rarely boot the Solaris VMs.
> Some agents would be required on solaris boxes, but do you need to add DB
> support on agents or just the server?
The DB stuff is server only.
> If so for these I could possibly go agentless, I've modified
> ssh_integrity_check_linux to perform agentless checks on solaris, using:
>>
>> # as SSH_integrity_check_linux
>>
>> send "echo \"INFO: Starting.\"; for i in `find $args 2>/dev/null`;do tail
>> \$i>/dev/null 2>&1 && md5=`digest -a md5 \$i` && sha1=`digest -a sha1 \$i`
>> && fileInf=`ls -ldAn \$i | awk '{ printf \"%d:%s:%d:%d\", \$5, \$1, \$3,\$4
>> }'` && echo FWD: \$fileInf:\$md5:\$sha1 \$i ; done; exit\r"
>
>
> (can't figure out a way to get octal permissions to fully replace stat... but
> ossec seems to pick up diffs on string permissions and notify of changes.)
>
> I also made a separate script to pass logs to the server based on yesterday's
> date (so only really runnable every 24 hours) which seems to work.
>>
>> # as SSH_integrity_check_linux
>>
>> # calculate date as expect variable and pass to bash
>> set ymonth [clock format [clock scan "2 days ago"] -format "%b"]
>> set yday [clock format [clock scan "2 days ago"] -format "%e"]
>> set yesterday [format "%s %d" $ymonth $yday]
>>
>> # altered this file to make it use LOG:
>>
>> send "echo \"INFO: Starting.\"; for i in `find $args 2>/dev/null`;do tail
>> \$i>/dev/null 2>&1 && while read line; do ValidLine=`echo \$line|grep
>> \"$yesterday\"` && echo LOG: \$ValidLine; done <\$i;done; exit\r"
>> send "exit\r"
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
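
The quoted message mentions not finding a way to get octal permissions from `ls` where `stat` is unavailable. The following is an added example, not code from the thread or from OSSEC: it converts the symbolic mode column of `ls -ldAn` to octal using only `case`, `cut` and `expr`. The function names (`triplet_digit`, `mode_to_octal`, `fwd_prefix`) and the sample `ls` line are constructed for illustration, and the treatment of `l` as setgid without group execute is assumed from the Solaris `ls` convention.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not part of OSSEC).

# Octal digit (0-7) for one rwx triplet. s and t in the execute slot mean the
# execute bit is set; S, T and l mean the special bit is set without execute.
triplet_digit() {
    d=0
    case "$1" in r??) d=`expr $d + 4` ;; esac
    case "$1" in ?w?) d=`expr $d + 2` ;; esac
    case "$1" in ??[xst]) d=`expr $d + 1` ;; esac
    echo $d
}

# Convert a mode string such as "-rwsr-xr-x" to four octal digits ("4755").
# Column 1 (file type) and anything after column 10 (ACL marker) are ignored.
mode_to_octal() {
    perms=`printf '%s\n' "$1" | cut -c2-10`
    case "$perms" in
        [r-][w-][xsS-][r-][w-][xsSl-][r-][w-][xtT-]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    u=`printf '%s\n' "$perms" | cut -c1-3`
    g=`printf '%s\n' "$perms" | cut -c4-6`
    o=`printf '%s\n' "$perms" | cut -c7-9`
    special=0
    case "$u" in ??[sS])  special=`expr $special + 4` ;; esac  # setuid
    case "$g" in ??[sSl]) special=`expr $special + 2` ;; esac  # setgid
    case "$o" in ??[tT])  special=`expr $special + 1` ;; esac  # sticky
    printf '%d%d%d%d\n' "$special" "`triplet_digit "$u"`" \
        "`triplet_digit "$g"`" "`triplet_digit "$o"`"
}

# Build size:mode:uid:gid from one `ls -ldAn` line, with the mode in octal
# where the awk call quoted above prints the symbolic string ($1).
fwd_prefix() {
    set -f                      # do not glob-expand characters in the file name
    set -- $1                   # split the ls line into fields
    set +f
    oct=`mode_to_octal "$1"` || return 1
    echo "$5:$oct:$3:$4"
}

# Constructed sample line; prints 28680:4755:0:0
fwd_prefix '-rwsr-xr-x 1 0 0 28680 Jun 14 2013 /usr/bin/passwd'
```

A change in the special bits (setuid, setgid, sticky) shows up in the first octal digit, so those changes stay visible after the conversion.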