.
NOTE: This works for my setup, and didn't break anything (that I have
seen so far). That's not to say that it wouldn't fubar your setup.
What's the acronym? YMMV. :)
-Chuck (MdMonk)
On 8/31/07, Joel Gray [EMAIL PROTECTED] wrote:
Hi all,
I am running into the same issue. I tried various
Hi all,
I am running into the same issue. I tried various combinations
including setting the type to var_log_t,httpd_log_t and others and
changing the user to system (basically setting the enforcement as the
httpd logs) but all to no avail.
Has anyone had any luck with it? For the time being
/etc/ossec.conf ? The update probably removed it from there
(yes, this is something we need to fix)...
Let us know if it fixes or not..
--
Daniel B. Cid
dcid ( at ) ossec.net
On 9/13/06, Joel Gray [EMAIL PROTECTED] wrote:
Hi all,
I'm getting an alert on an internal server that, at one point, I
Daniel,
I've disabled the active-response because it was blocking IP's that, due
to our circumstances, we did not want. We have 1 server on the public
networks that serves as a mail-forwarder and DNS machine. I would like
to use active response on this one when it detects attempts based on ssh
Hello
everyone,
We recently set up
OSSEC HIDS using the client/server model. So far things have been working
fairly well and it is looking like a good however there is a circumstance on one
web server where a buggy source control client causes several 400 errors in a
short timeframe
Thanks for the quick response! That looks like exactly what we needed.
-Joel
-Original Message-
From: ossec-list@googlegroups.com [mailto:[EMAIL PROTECTED]
On Behalf Of Daniel Cid
Sent: Monday, August 14, 2006 2:30 PM
To: ossec-list@googlegroups.com
Cc: Joel Gray
Subject: [ossec-list