Let me know if I can help with testing. I'm working on feeding all
syslog, bro-ids, argus, nagios, etc to ossec-hids.
-Chuck
On Friday, April 29, 2011, Seth Hall wrote:
> On Apr 29, 5:40 pm, "dan (ddp)" wrote:
>
>> Is this the 1.6 branch? Sounds really nice! Can't wait.
>
> Yes, we're hoping t
How about saying it's "astronomically improbable." :)
-Chuck (MdMonk)
On Mon, Dec 20, 2010 at 1:58 PM, Erik wrote:
> Hello,
>
> Technically traffic can be sniffed yes but it would require
>
> 1) a lot of cpu power and memory
> 2) heaps (tons of heaps) of patie
Thanks Daniel! OSSEC Rules! :)
-Chuck (MdMonk)
On Thu, Oct 21, 2010 at 9:31 AM, cristian paul peñaranda rojas
wrote:
> Thanks Daniel Cid for making security logs analysis fast and reliable! :)
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.1
Wow...your "signature" portion of the email is longer than most emails. :)
In the email header there is an unsubscribe link. It worked just now when I
tried (had to resubscribe again).
-Chuck (MdMonk)
On Fri, Jul 30, 2010 at 8:49 PM, Thomas M. Jett wrote:
> I joined this list a
Last year after April Fools Day, some of us in irc discussed an April Fools
joke that ossec could play.
We were going to announce the availability of 'ossec-daughter'; a new ossec
process to monitor and protect daughters from "handsy" boyfriends. :)
Drat...would've been kinda funny. :)
-Chuck
Doesn't look like you have all of the Xcode dev environment installed. Is
the SDK(s) installed?
-Chuck
On Thu, Dec 17, 2009 at 12:49 PM, oscar schneider wrote:
> Hi,
>
> today I was asked to install an OSSEC agent on a MacBook with MacOS X,
> however it didn't go too well and after answering all
Awesome! Glad it's working for ya. *And* it required no further thinking on
my part! w00t! (lazy friday for this cat). :)
-Chuck (MdMonk)
On Fri, Apr 24, 2009 at 7:38 AM, Aservire wrote:
>
> Thanks for the reply... here is the version info.
> Apache
> httpd-2.2.3-22.el5.c
What versions are you running of: ossec, apache, php? Are you running
mod_security on your webserver? What about selinux? Are you running that?
-Chuck (MdMonk)
On Thu, Apr 23, 2009 at 2:10 PM, Aservire wrote:
>
> Hi,
>
> I've followed the installation tutorial on the wiki
pwn'd
On Wed, Apr 15, 2009 at 9:36 AM, Kevin Wilcox wrote:
>
> 2009/4/14 :
>
> > H
> > hello plz can u help me about the ossec , as i am new to this i am
> > unable to get ,
> > please give the answer for this question.
> >
> > OSSEC is capable of performing the following system-level checks
.bash_history isn't updated until the shell is exited.
-Chuck
On Thu, Apr 2, 2009 at 10:07 PM, OSSEC junkie wrote:
> It is Nix. I hope this will work out. Has anyone else spoken of this?
>
>
> On Wed, Apr 1, 2009 at 5:04 PM, Michael Starks <
> ossec-l...@michaelstarks.com> wrote:
>
>>
>> OSSEC
Check in /usr/local/ossec/bin
When you specified to install it into /usr/local/, it more than likely
installed ossec in /usr/local/ossec.
-Chuck
On Wed, Mar 18, 2009 at 11:39 AM, wrote:
>
> Hi,
>
> I installed ossec v2 on Redhat Linux in /usr/local directory and it is
> installed successfully.
I pronounce it "O-S-Sec Hids" (4 total syllables); or just "O-S-Sec" (3
syllables). Unsure if that is correct, but that's my answer and I'm sticking
to it. :)
- Chuck (MdMonk)
On Mon, Dec 22, 2008 at 10:37 AM, Daniel Cid wrote:
>
> Hi John,
>
> I pronoun
2-27 17:38 README.search
-rwxr-xr-x 1 www-data www-data 1824 2008-02-29 12:21 setup.sh
drwxr-xr-x 2 www-data www-data 4096 2008-10-28 11:09 site
drwxrwxrwx 2 www-data www-data 4096 2008-10-28 11:09 tmp
-Chuck (MdMonk)
On Tue, Oct 28, 2008 at 8:53 AM, Mario Zerbe <[EMAIL PROTECTED]>
Do you have the "build-essential" package installed?
-Chuck
On Wed, Oct 22, 2008 at 11:42 AM, mustang <[EMAIL PROTECTED]> wrote:
>
> hi... I'm new to ossec. I have downloaded ossec v1.6.1 for ubuntu
> 7.10. During the installation of ossec, the following error
> appears..
>
>
> Error Making
I have localhost set for my smtp server in ossec, and it uses the
local smtp server to send alerts.
..
127.0.0.1
.
-Chuck (MdMonk)
On Tue, Sep 23, 2008 at 10:57 PM, cryogen <[EMAIL PROTECTED]> wrote:
>
> Greetings,
>
> I have a couple quest
he log(s):
File '/dev/shm/pulse-shm-3847568897' present on /dev. Possible hidden file.
--END OF NOTIFICATION
Do I have the line incorrect perhaps?
-Chuck (MdMonk)
On Tue, Sep 9, 2008 at 12:09 PM, Martin West <[EMAIL PROTECTED]> wrote:
>
> Sorry need new glasses, I'm ru
Jason-
I was able to download the ossec-hids source form the link in your
email and it was valid/corrupted. Did you validate the download via
the checksums file?
http://www.ossec.net/files/ossec-hids-1.5.1_checksum.txt
[EMAIL PROTECTED]:/DG$ ls -l ossec-* | grep -v \.sig
-rw-rw-r-- 1 mdmonk
Sorry...I clicked send too quickly and didn't fix typos:
s/form/from/g;
s/corrupted/uncorrupted/g;
-Chuck (MdMonk)
On Tue, Jun 24, 2008 at 4:41 PM, MdMonk <[EMAIL PROTECTED]> wrote:
> Jason-
>
> I was able to download the ossec-hids source form the link in your
>
You probably just need the 'build-essential' package.
Make sure you have the 'universe' and 'multiverse' repositories enabled, then:
sudo apt-get install build-essential
That should install everything you need.
-Chuck (MdMonk)
On Wed, Apr 2, 2008 at 5:50 A
I have it running on Fedora 8 currently. Working like a champ; both
ossec-hids and ossec-ui.
-Chuck
On Tue, Mar 25, 2008 at 1:30 PM, ROB GID <[EMAIL PROTECTED]> wrote:
>
> Did anyone install OSSEC 1.4 server with web UI 0.3 on Fedora 8 yet?
>
> My install is working fine on Fedora 6. I just inst
ood thing. :)
Ossec has always been a great app, and continues to improve on its past
successes. Thanks go to Daniel and the developers on this project. w00t!
/me tosses his 2 cents on the table
-Chuck (MdMonk)
On Jan 14, 2008 3:16 AM, Verlag Neue Stadt <[EMAIL PROTECTED]> wrote:
>
Not yet I haven't. I've compiled 1.4 on 3 diff Macs so far.
-Chuck
On Nov 13, 2007 7:36 AM, Reggie Griffin <[EMAIL PROTECTED]> wrote:
>
> I don't suppose anyone has seen this issue before?
>
> -Reggie
>
> MdMonk wrote:
> > I'll compile ossec o
I'll compile ossec on my Powerbook when I get home to see if I get the
same messages.
-Chuck
On Nov 1, 2007 11:53 AM, Reggie Griffin <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I am getting the following errors compiling v1.4 on a Mac G5 (haven't
> tried earlier versions). Does anyone have
> advice
Does your ossec server have a live network connection (at the time of
the errors)?
I ran into a similar problem with a previous version/build (I haven't
tested whether 1.4 beta acts the same). If the ossec server didn't
have a network connection, I would get errors and failures on ossec
attemptin
f you know what dirs and files the web server needs to
access; then modify the chcon cmd as needed.
NOTE: This works for my setup, and didn't break anything (that I have
seen so far). That's not to say that it wouldn't fubar your setup.
What's the acronym? YMMV. :)
-Chuck (MdMon
That's an selinux message. Are you running selinux in "ENFORCING"
mode? If so, you will have to grant the web server proc read-access to
the ossec directory/log files.
What do you have in your /etc/sysconfig/selinux config file?
-Chuck (mdmonk)
On 8/13/07, Robert5156 <[EMAIL
will also
update your /etc/ossec-init.conf with the new information (ossec ver,
install date, blah).
Does that make sense?
-Chuck (MdMonk)
On 8/8/07, Peter M. Abraham <[EMAIL PROTECTED]> wrote:
>
> Greetings:
>
> Where can I find upgrade instructions for upgrading from 1.2 to
I just installed (upgraded from v1.2) ossec v1.3 on CentOS 5, Fedora 6
and 7, Windows XP, FreeBSD 6.1, and Mac OS X 10.4 PPC. All compiled
fine, and no issues so far.
-MdMonk (Chuck)
On 8/8/07, Rob Molsbee <[EMAIL PROTECTED]> wrote:
> As long as you have Xcode (gcc does the dirty
So
at least you are in good company John! :)
-Chuck (MdMonk)
On 7/4/07, John Ives <[EMAIL PROTECTED]> wrote:
>
>
>
> Actually, my thoughts on active response for windows were just part of a
> number of thoughts I have had recently on active response and ways to
> utilize it
There's talk of how to implement active-response on Microsoft Windows
systems. Something I had brought up was to use the "netsh" command.
-Chuck (MdMonk)
On 7/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Can anyone suggest windows firewall that works with ossec?
>
> Regards,
> DM
>
>
Jens-
The snippet from my conf that applies is:
###
C:\Documents and Settings\All Users\Application
Data\Symantec\Symantec AntiVirus Corporate
Edition\7.5\Logs\%m%d20%y.log
syslog
###
The log format is set to "syslog" on my systems. Have you tried that yet?
-MdMonk (Ch
ls
destroys the admissibility of them (the logs) for the courts.
Any thoughts on this topic?
-Chuck (MdMonk)
On 5/23/07, Worawit Wang <[EMAIL PROTECTED]> wrote:
> Hi Daniel,
>
> Thanks for your answer. I get it now. Also sorry about my bad. While
> testing, I made a mistake.
>
> Her
Did you add your web server user (user that the web server runs as) to
the ossec group?
From the wiki:
5- Add your web server user (apache, www or nobody) to the ossec group:
# vi /etc/group
..
From:
ossec:x:1002:
To (if your web server user is www):
ossec:x:1
evasion techniques might get past ossec.
-Chuck (MdMonk)
On 5/4/07, Worawit Wang <[EMAIL PROTECTED]> wrote:
Hi all,
Also I have a request about web rules. Can you modify OSSEC to match url
rules case insensitively? Because it's very easy to evade detection, such as
using &
c.net/wiki/index.php/Modsecurity_samples
I hope that helps!
-Chuck
On 4/13/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
MdMonk wrote:
> Thanks for the log entries. Could you post them to the wiki? That way
> more folks have access to em, and might be able to help with writ
Is the mac being nat'd?
When you do a netstat -an | grep 1514 (on the mac) do you see a
connection entry?
-Chuck
On 1/18/07, Pankaj Jaiswal <[EMAIL PROTECTED]> wrote:
Hello all,
I am having problem with mac agent:
Mac osx agent cannot communicate with the Linux server.
ossec.log :
2007/0
I wasn't sure if anyone had said anything about the OSSEC users
showing up in the Login window on OSX. I didn't want them showing up
as accounts to log on to the box with, so I've hidden them using the
following command:
/usr/bin/sudo /usr/bin/defaults write
/Library/Preferences/com.apple.loginw