Thanks for your answer. I don't use host-deny but only AR, and I was talking about: CVE-2015-3222 http://www.ossec.net/?p=1198

I read "This issue does not affect agents" and for me it was not clear if you can go for root escalation via syscheck only on the server or if you don't need to upgrade the agent. It is missing some details... after reading this http://osdir.com/ml/opensource-software-security/2015-06/msg00089.html

1. A vulnerable version is in use.
2. The OSSEC agent is configured to use syscheck to monitor the file system for changes.
3. The list of directories monitored by syscheck includes those writable by underprivileged users.
4. The "report_changes" option is enabled for any of those directories.

For the fourth, it is not enabled by default.
Sorry for the noise, but when you have a lot of agents ... it changes everything in your calendar.

----- Original Message -----
From: [email protected]
To: [email protected]
Sent: Monday 22 June 2015 14:27:04
Subject: Re: [ossec-list] Upgrade from 2.8 to 2.8.2

I just upgraded 2.8.1 to 2.8.2, and double-checked that all is just fine. I had to fix the "spaces" bug before initiating the upgrade.

--
finid

On 2015-06-22 03:38, [email protected] wrote:
> No one, even on one of the questions?
> I can't test all the possibilities that could go wrong and read all the
> GitHub on changes
> thanks
>
> ----- Original Message -----
> From: [email protected]
> To: [email protected]
> Sent: Thursday 18 June 2015 09:34:32
> Subject: [ossec-list] Upgrade from 2.8 to 2.8.2
>
> hello
> I have a few questions before upgrade:
>
> - Did someone test the upgrade from 2.8 to 2.8.2?
> - Did it affect active response? The changes are only in the
> vulnerabilities correction?
> - I don't need to upgrade all the agents?
>
> I test the upgrade on a test server, but I don't want any bad effect in
> dropping
> or break.
> thanks
>
> --
>
> ---
> You received this message because you are subscribed to the Google
> Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
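
Conditions 2 to 4 from the list in the thread can be checked on each host before scheduling upgrades. The following Python is an added example, not code from the thread or from the OSSEC project: it lists the directories in an `ossec.conf` that carry `report_changes="yes"` and keeps those containing a group- or world-writable directory. That mode-bit test is an assumed approximation of "writable by underprivileged users", and the sample config, temporary directories and function names are constructed for illustration.

```python
import os
import re
import stat
import tempfile

DIR_RE = re.compile(r"<directories\b([^>]*)>(.*?)</directories>", re.S)
ATTR_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

# Constructed sample config; {shared} and {private} are filled in by demo().
SAMPLE = """<ossec_config><syscheck>
  <directories check_all="yes">/etc</directories>
  <directories report_changes="yes" check_all="yes">{shared},{private}</directories>
  <!-- <directories report_changes="yes">/disabled</directories> -->
</syscheck></ossec_config>"""


def report_changes_dirs(conf_text):
    """Condition 4: directories that syscheck monitors with report_changes="yes"."""
    conf_text = re.sub(r"<!--.*?-->", "", conf_text, flags=re.S)  # skip commented-out entries
    found = []
    for attrs, body in DIR_RE.findall(conf_text):
        opts = {k.lower(): v.lower() for k, v in ATTR_RE.findall(attrs)}
        if opts.get("report_changes") == "yes":
            found += [p.strip() for p in body.split(",") if p.strip()]
    return found


def writable_by_others(path):
    """Condition 3, approximated: the tree holds a group- or world-writable directory."""
    return any(os.stat(root).st_mode & (stat.S_IWGRP | stat.S_IWOTH)
               for root, _dirs, _files in os.walk(path))


def exposed_dirs(conf_text):
    """Directories meeting conditions 2-4; condition 1 (the version) is checked separately."""
    return [d for d in report_changes_dirs(conf_text) if os.path.isdir(d) and writable_by_others(d)]


def demo():
    """Build two constructed directories and run the check against SAMPLE."""
    shared, private = tempfile.mkdtemp(), tempfile.mkdtemp()
    os.chmod(shared, 0o1777)   # like /tmp: any local user can create files
    os.chmod(private, 0o700)   # owner only
    return shared, exposed_dirs(SAMPLE.format(shared=shared, private=private))


if __name__ == "__main__":
    print(demo()[1])
```

On a real host, pass the contents of the installation's `ossec.conf` to `exposed_dirs()`; an empty result means no monitored directory matched conditions 3 and 4 under the approximation used here.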
