On Tue, Jun 23, 2015 at 5:45 AM, <[email protected]> wrote: > thanks for your answer > i don't use host-deny bur only AR, and i was talking about:
The host-deny.sh script is an active response script. > CVE-2015-3222 > http://www.ossec.net/?p=1198 > > i read "This issue does not affect agents" and for me it was not clear if you > can go for root escalation via sys check only on the server > or if you don't need to upgrade the agent. > It miss some details... > after reading this > I thought it affected agents as well, but I can't remember if I tested it on an agent or a server. It should be relatively simple to test though. > http://osdir.com/ml/opensource-software-security/2015-06/msg00089.html > > 1. A vulnerable version is in use. > 2. The OSSEC agent is configured to use syscheck to monitor the file > system for changes. > 3. The list of directories monitored by syscheck includes those writable > by underprivileged users. > 4. The "report_changes" option is enabled for any of those directories. > > for the fourth it is not enable by default. > sorry for the noise, but when you have a lot of agents ... it changes > everything in your calendar > > > ----- Mail original ----- > De: [email protected] > À: [email protected] > Envoyé: Lundi 22 Juin 2015 14:27:04 > Objet: Re: [ossec-list] Upgrade from 2.8 to 2.8.2 > > I just ugrade 2.8.1 to 2.8.2, and doubled-checked that all is just fine. > > I had to fix the "spaces" bug before initiating the upgrade. > > > > -- > finid > > > On 2015-06-22 03:38, [email protected] wrote: >> no one, even on one of the questions ? >> i can't test all the possibilities that could wrong and read all the >> github on changes >> thanks >> >> ----- Mail original ----- >> De: [email protected] >> À: [email protected] >> Envoyé: Jeudi 18 Juin 2015 09:34:32 >> Objet: [ossec-list] Upgrade from 2.8 to 2.8.2 >> >> hello >> i have a few questions before upgrade: >> >> - Did someone test the upgrade from 2.8 to 2.8.2 ? >> - Did it affect active response ? the changes are only in the >> vulnerabilities correction ? >> - I don't need to upgrade all the agents ? >> >> I test the upgrade on a test server, but i don't want any bad effect in >> dropping >> or break. >> thanks >> >> -- >> >> --- >> You received this message because you are subscribed to the Google >> Groups "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send >> an email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
