Re: [ossec-list] manage_agents -f: Unable to open file

2012-11-27 Thread peng lin
Yes, it works! Thanks a lot, very much :) On Tuesday, November 27, 2012 12:18:39 PM UTC+8, dan (ddpbsd) wrote: Put the file in the ossec dir somewhere, and reference it by that chroot point. For instance, put it in /var/ossec and run /var/ossec/bin/manage_agents -f /FILE The

[ossec-list] /var/ossec/queue/ossec/queue not accessible error, while editing local_rules.xml file

2012-11-27 Thread Shaun
Hi all, I'm trying my hand at writing OSSEC rules. I created a custom rule to capture failed login attempts on a Linux machine in /var/ossec/rules/local_rules.xml: <group name="syslog,sshd,"> <rule id="100123" level="10" frequency="3"> <match>^authentication failure</match> <group>authentication_failed</group>
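
A complete version of a rule like the one in that post, as an added example rather than the poster's file or anything else from the thread. Two things a practitioner would want that the posted fragment lacks: an OSSEC rule that counts repeats needs `frequency`, `timeframe` and an `if_matched_sid` (or `if_matched_group`) naming the single-event rule it counts, and the match must not be anchored with `^`, because on current distributions the phrase is preceded by `pam_unix(sshd:auth): `. Rule ids, the group name, the thresholds and the sample log line in the comments are chosen for this example.

```xml
<!-- /var/ossec/rules/local_rules.xml (added example; ids, group name and thresholds chosen here) -->
<group name="local,syslog,sshd,">

  <!-- Single event. A constructed sample of what arrives from sshd via PAM:
       "sshd[1234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.5 user=root"
       The phrase is not at the start of the message, so no ^ anchor.
       Level 5 still alerts on every single failure; use level="0" to keep it as a counter only. -->
  <rule id="100123" level="5">
    <match>authentication failure</match>
    <description>PAM: authentication failure (counted by rule 100124).</description>
    <group>authentication_failed,</group>
  </rule>

  <!-- Composite rule: frequency, timeframe and if_matched_sid are all required.
       same_source_ip compares the srcip that the pam decoder takes from rhost=.
       ignore="60" suppresses a repeat alert for the same source for 60 seconds. -->
  <rule id="100124" level="10" frequency="3" timeframe="120" ignore="60">
    <if_matched_sid>100123</if_matched_sid>
    <same_source_ip />
    <description>Multiple authentication failures from the same source IP.</description>
    <group>authentication_failures,</group>
  </rule>

</group>
```

Check it with /var/ossec/bin/ossec-logtest: paste a failure line and the output shows the decoder phase (srcip taken from rhost=) and rule 100123 firing; restart ossec-analysisd after editing local_rules.xml. The stock rule set already ships equivalents (5503 for a single PAM failure, 5551 for repeated PAM failures, 5712 for sshd brute force), so a local copy is only worth keeping if you need different thresholds or grouping.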

[ossec-list] paste key on the ossec agent

2012-11-27 Thread rezgui mohamed
Dear support, if I paste the key on the OSSEC agent, in which file does the agent write this key? Where can I find the key after pasting? Best regards

[ossec-list] install ossec-agent

2012-11-27 Thread rezgui mohamed
Dear support, I need to install ossec-agent on 500 machines. Do you have an idea about a central solution to install the agent on all machines without SSH access to each machine to install and configure the agent, because that would take a lot of time? Best regards

[ossec-list] install ossec-agent through puppet

2012-11-27 Thread rezgui mohamed
Dear support, do you have a tutorial to automate the install of the agent on all my machines through Puppet? Best regards

[ossec-list] OSSEC windows ; check for Administrator account enabled

2012-11-27 Thread Michiel van Es
Hi, We want to check for hardening and one of our Windows hardening rules is to rename the Administrator account and create a decoy Administrator account, not part of any group and disabled. One of the things we want to check is to see if the Administrator account is enabled on Windows

[ossec-list] Re: Large scale deployment

2012-11-27 Thread rezgui mohamed
Do you have a tutorial please, because I would like to install the ossec-agent on 500 assets. Best regards

Re: [ossec-list] /var/ossec/queue/ossec/queue not accessible error, while editing local_rules.xml file

2012-11-27 Thread dan (ddp)
On Tue, Nov 27, 2012 at 2:42 AM, Shaun saravana...@gmail.com wrote: Hi all, I'm trying my hand at writing OSSEC rules. I created a custom rule to capture failed login attempts on a Linux machine in /var/ossec/rules/local_rules.xml: <group name="syslog,sshd,"> <rule id="100123" level="10" frequency="3">

Re: [ossec-list] install ossec-agent through puppet

2012-11-27 Thread dan (ddp)
On Tue, Nov 27, 2012 at 6:57 AM, rezgui mohamed rezgui...@gmail.com wrote: Dear support, do you have a tutorial to automate the install of the agent on all my machines through Puppet? Best regards We do not have a tutorial, but I can't imagine it would be too hard. Use a binary package. Use

Re: [ossec-list] OSSEC windows ; check for Administrator account enabled

2012-11-27 Thread dan (ddp)
On Tue, Nov 27, 2012 at 7:02 AM, Michiel van Es vanesmich...@gmail.com wrote: Hi, We want to check for hardening and one of our Windows hardening rules is to rename the Administrator account and create a decoy Administrator account, not part of any group and disabled. One of the things we

Re: [ossec-list] paste key on the ossec agent

2012-11-27 Thread dan (ddp)
On Tue, Nov 27, 2012 at 4:41 AM, rezgui mohamed rezgui...@gmail.com wrote: Dear support, if I paste the key on the OSSEC agent, in which file does the agent write this key? Where can I find the key after pasting? Best regards You get the key from the manage_agents program on the server, and paste it

Re: [ossec-list] install ossec-agent through puppet

2012-11-27 Thread Stephane Rossan
Here is a copy of my ossec manifest. I've built an RPM to install OSSEC through puppet, and I use auto-registration to install agent clients on my unix hosts: class node_security::ossec::agent { # Define variables $ossec_server = extlookup(ossec_server) # Install

Re: [ossec-list] Re: Help with decoder + rules

2012-11-27 Thread Scott
On Friday, November 23, 2012 7:20:44 AM UTC-6, dan (ddpbsd) wrote: etc/local_decoder.xml: <decoder name="zabbix"> <prematch>^Zabbix Server[\d+]: </prematch> </decoder> <decoder name="zabbix-check-failed"> <parent>zabbix</parent> <regex offset="after_parent">Sending list of active checks to

Re: [ossec-list] Re: Help with decoder + rules

2012-11-27 Thread dan (ddp)
On Tue, Nov 27, 2012 at 11:14 AM, Scott wa6...@gmail.com wrote: On Friday, November 23, 2012 7:20:44 AM UTC-6, dan (ddpbsd) wrote: etc/local_decoder.xml: <decoder name="zabbix"> <prematch>^Zabbix Server[\d+]: </prematch> </decoder> <decoder name="zabbix-check-failed"> <parent>zabbix</parent>
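
A complete parent/child decoder pair and a matching rule in the shape Dan sketches above, as an added example that is not his file or anything posted in the thread. The sample log line, the exact wording of the Zabbix message after "Sending list of active checks to", the extracted fields and the rule ids are constructed for the example; the child regex has to be adapted to what the real Zabbix server writes.

```xml
<!-- /var/ossec/etc/local_decoder.xml (added example). Constructed sample line:
     Nov 27 10:15:02 zbx1 Zabbix Server[4242]: Sending list of active checks to "192.168.10.5" failed: host [web01] not found
     The parent anchors on the program text as Dan's does; \d+ is one or more digits,
     the square brackets are literal in OSSEC's regex dialect. -->
<decoder name="zabbix">
  <prematch>^Zabbix Server[\d+]: </prematch>
</decoder>

<!-- Child decoder: evaluated only after the parent matched, on the text that follows
     the prematch. Each (\S+) capture is assigned, in order, to the fields in order. -->
<decoder name="zabbix-check-failed">
  <parent>zabbix</parent>
  <regex offset="after_parent">^Sending list of active checks to "(\S+)" failed: host [(\S+)] not found</regex>
  <order>srcip, extra_data</order>
</decoder>

<!-- /var/ossec/rules/local_rules.xml (added example; ids chosen here).
     100200 groups everything the zabbix decoder handled; 100201 alerts on the failure text. -->
<group name="local,zabbix,">
  <rule id="100200" level="0">
    <decoded_as>zabbix</decoded_as>
    <description>Zabbix server message (grouping rule).</description>
  </rule>
  <rule id="100201" level="5">
    <if_sid>100200</if_sid>
    <match>failed: host</match>
    <description>Zabbix: active checks requested for a host not registered in Zabbix.</description>
  </rule>
</group>
```

Feed the sample line to /var/ossec/bin/ossec-logtest: phase 2 should print the decoder name and the srcip and extra_data fields, phase 3 the rule 100201 alert. If phase 2 shows only the parent, the child regex does not match the real message and needs adjusting.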

Re: [ossec-list] Using new hybrid mode to forward logs to central ossec server

2012-11-27 Thread Scott
True, and the messages look horrible, with double headers. My current idea is to run a remote on an agent -- remoted sends to queue/ossec just like logcollector, so agentd should simply forward them on to the server. Am I crazy? To reiterate: I am trying to forward syslog udp 514 output from a

Re: [ossec-list] install ossec-agent

2012-11-27 Thread Scott Klauminzer
What do you manage these machines with currently? What is the client OS? Do you have a system management platform like Puppet or Group Policy in place? This question has been asked many times on this board, please search the archives for great solutions! Scott On Nov 27, 2012, at 3:16 AM,

Re: [ossec-list] OSSEC windows ; check for Administrator account enabled

2012-11-27 Thread Scott Klauminzer
Something like this might be a better tool for your needs: SSA - Security System Analyzer 2.0 http://code.google.com/p/ssa/ You could tie it into OSSEC with the full_command option. If all you need is to determine the Admin account status, then use a PowerShell command in full_command. Scott
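
One way to do the check Scott describes, as an added example that is neither Scott's nor the OSSEC project's code: a full_command entry in the Windows agent's ossec.conf that lists local accounts through PowerShell and WMI, and two server-side rules on top of the stock rule 530 that groups command output. The output field names, the rule ids, the ignore interval and the sample output lines in the comments are chosen here; it assumes the agent service (running as SYSTEM) can start powershell.exe.

```xml
<!-- Agent side: ossec.conf on the Windows host (added example).
     full_command runs the command on the logcollector interval and ships the whole
     output as ONE event, prefixed "ossec: output: 'command': ".
     One line per local account. The built-in Administrator is identified by its RID,
     the SID suffix -500, so renaming it does not hide it from the check.
     Constructed sample output:
       localuser name=ops-admin rid500=True disabled=False      (the renamed real account)
       localuser name=Administrator rid500=False disabled=True  (the decoy, as the policy wants)
       localuser name=Guest rid500=False disabled=True -->
<ossec_config>
  <localfile>
    <log_format>full_command</log_format>
    <command>powershell -NoProfile -NonInteractive -Command "Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True' | ForEach-Object { 'localuser name=' + $_.Name + ' rid500=' + ($_.SID -like '*-500') + ' disabled=' + $_.Disabled }"</command>
  </localfile>
</ossec_config>

<!-- Server side: /var/ossec/rules/local_rules.xml (added example; ids chosen here).
     match is a substring search over the whole multi-line event, so each rule
     looks for one specific line. ignore="3600" stops the alert repeating on every run. -->
<group name="local,windows,hardening,">
  <rule id="100300" level="7" ignore="3600">
    <if_sid>530</if_sid>
    <match>localuser name=Administrator rid500=True</match>
    <description>Windows hardening: built-in Administrator (RID 500) has not been renamed.</description>
  </rule>
  <rule id="100301" level="10" ignore="3600">
    <if_sid>530</if_sid>
    <match>localuser name=Administrator rid500=False disabled=False</match>
    <description>Windows hardening: decoy Administrator account is enabled.</description>
  </rule>
</group>
```

full_command sends the output on every run whether or not anything changed, hence the ignore interval; add <check_diff /> to a rule if you only want an alert when the account list changes. The LocalAccount=True filter matters on domain members, since without it Win32_UserAccount enumerates the whole domain.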

Re: [ossec-list] OSSEC windows ; check for Administrator account enabled

2012-11-27 Thread Scott Klauminzer
A newer resource for SCAP scanning: http://www.open-scap.org/page/Download On Nov 27, 2012, at 6:18 AM, dan (ddp) ddp...@gmail.com wrote: On Tue, Nov 27, 2012 at 7:02 AM, Michiel van Es vanesmich...@gmail.com wrote: Hi, We want to check for hardening and one of our Windows hardening rules

Re: [ossec-list] OSSEC windows ; check for Administrator account enabled

2012-11-27 Thread Michael Starks
On 27.11.2012 06:02, Michiel van Es wrote: Hi, We want to check for hardening and one of our Windows hardening rules is to rename the Administrator account and create a decoy Administrator account, not part of any group and disabled. One of the things we want to check is to see if the

Re: [ossec-list] install ossec-agent through puppet

2012-11-27 Thread Nicolas Zin
Hi guys, depending on your needs, I: - created a deb package (for ossec 2.6): https://launchpad.net/~nicolas-zin/+archive/ossec-ubuntu - grabbed an rpm package (for ossec 2.6) - created a puppet repo to install everything: https://github.com/nzin/puppet-ossec (with automatic registration via exported

Re: [ossec-list] OSSEC w/ Nagios/MRTG trouble

2012-11-27 Thread Sue
Ok, thank you for your help :) Sue On Monday, November 26, 2012 12:43:30 PM UTC-6, dan (ddpbsd) wrote: On Mon, Nov 26, 2012 at 12:48 PM, Sue susan@gmail.com wrote: Thanks for your consideration. Without the report_changes option can I still get an alert if there is a