Sorry, I thought you were using default OSSEC rootchecks (debian, redhat, etc). That is the reason I recommend that you use rootchecks with tags (groups). My bad.
I will try the *cis-ubuntu-ansible* rootchecks.

On Friday, February 26, 2016 at 12:00:12 PM UTC+1, Pedro S wrote:
>
> Hi,
>
> I am not familiar with *cis-ubuntu-ansible* but you can try to debug
> OSSEC log to inspect what exactly is blocking the contact.
>
> Open internal_options.conf and set:
>
> remoted.debug=2
> syscheck.debug=2
> analysisd.debug=2
> logcollector.debug=2
> # Unix agentd
> agent.debug=2
>
> Restart and review what is happening. You can try a standard telnet
> remoteserver 1514 to see if your host can really send messages using 1514
> UDP.
>
> By the way, as Jesus says, if you need CIS tagging on OSSEC rootchecks use
> those rootchecks.
>
> On Friday, February 26, 2016 at 8:06:56 AM UTC+1, Barry Kaplan wrote:
>>
>> I am trying to harden up our instances, but I find that after applying
>> these controls the agent can no longer contact the agent via UDP.
>>
>> I'm still trying to figure out exactly which bit is to blame. Has anybody
>> else used the CIS controls on the same instance as OSSEC?
>>
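Added example, not part of the original thread and not OSSEC project code: a shell function that applies the debug settings listed in the quoted reply to internal_options.conf, can be re-run safely, and keeps the first backup so the levels can be put back after troubleshooting. The function name, the backup suffix and the default install path mentioned in the comments are assumptions.

```shell
#!/bin/sh
# Added example. Keys are the ones listed in the thread; everything else
# (function name, .bak suffix, paths in comments) is an assumption.
DEBUG_KEYS="remoted.debug syscheck.debug analysisd.debug logcollector.debug agent.debug"

# set_ossec_debug FILE LEVEL
# Sets every key in DEBUG_KEYS to LEVEL (0 = off, 1 = debug, 2 = full debug).
# Existing "key=value" lines are rewritten in place; missing keys are appended.
set_ossec_debug() {
    conf=$1
    level=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    case $level in
        0|1|2) ;;
        *) echo "level must be 0, 1 or 2" >&2; return 1 ;;
    esac

    # Keep the first backup only, so a second run does not overwrite
    # the pre-debug settings.
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1

    for key in $DEBUG_KEYS; do
        # Escape the dot so "remoted.debug" is matched literally.
        pat=$(printf '%s' "$key" | sed 's/\./\\./g')
        if grep -q "^[[:space:]]*$pat[[:space:]]*=" "$conf"; then
            # Write back with cat so the file keeps its owner and mode.
            sed "s/^[[:space:]]*$pat[[:space:]]*=.*/$key=$level/" "$conf" > "$conf.tmp" \
                && cat "$conf.tmp" > "$conf" && rm -f "$conf.tmp" || return 1
        else
            printf '%s=%s\n' "$key" "$level" >> "$conf"
        fi
    done
}

# Typical use on a default install (paths assumed, run as root):
#   set_ossec_debug /var/ossec/etc/internal_options.conf 2
#   /var/ossec/bin/ossec-control restart
#   tail -f /var/ossec/logs/ossec.log
# Afterwards, call it again with level 0 or restore the .bak copy.
```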
