On Wed, Apr 26, 2017 at 3:31 PM, Phil Porada wrote:
> Hi,
>
> I'm running OSSEC 2.9.0. I'm unable to get the rootcheck to run the
> rootcheck_files, rootcheck_trojans, and system_audit on an agent that has
> its config pushed out via the server. I'm not sure what I'm doing
On Wed, Apr 26, 2017 at 9:51 PM, Nikki Sridhar wrote:
> There shouldn't be! Only system integrity configuration is enabled and that
> runs every 20 hours. Real time system integrity check is enabled for 3
> directories.
>
Turn on the log all option on the server and
On Thu, Apr 27, 2017 at 12:08 PM, Anoop Perayil wrote:
> Observed that the server initiates a connection to the client when we
> restart Syscheck/Rootcheck on an agent like -
> ./agent_control -r -u 001
>
> a tcpdump on the agent shows -
> 15:59:22.034966 IP x.x.x.x.1514 >
For anyone curious it was an incredibly simple fix :(. Apparently if any
active-responses in your ossec.config file are disabled, it will disable
all of the active responses. I had 4 enabled and 1 disabled, but because of
that 1, they all were disabled.
On Wednesday, April 19, 2017 at 3:42:46
Observed that the server initiates a connection to the client when we
restart Syscheck/Rootcheck on an agent like -
./agent_control -r -u 001
a tcpdump on the agent shows -
15:59:22.034966 IP x.x.x.x.1514 > x.x.x.x.48902: UDP, length 73
--
---
You received this message because you are
It may be worth investigating an upgrade to OSSEC 2.9.0.
According to the changelog, there are 2 potentially useful fixes that may
help you out: https://github.com/ossec/ossec-hids/releases
- Avoids computing hashes multiple times to improve performance
- Syscheck improvements
OSSEC HIDS v2.8.3. 8 GB of RAM and 4 CPU cores VM.
On Wednesday, April 26, 2017 at 10:23:02 PM UTC-4, Phil Porada wrote:
>
> What version of OSSEC are you running? What specs does the server node
> have?
>
OSSEC will detect the DoS attack only if it is monitoring a log file which
contains an event related to DoS and probably you will have to create some
decoders/rules.
Regards.
On Wednesday, April 26, 2017 at 9:35:44 PM UTC+2, dan (ddpbsd) wrote:
>
> On Wed, Apr 26, 2017 at 3:27 PM, Sargeras