Hello all,
I am trying to write a rule in OSSEC to look at /var/log/authlog and alert
on lines that show an RSA key. In my environment we only use ssh keys to
remote in and when somebody logs in via root I would like OSSEC to show the
SSH key used. Right now I am using the analogi GUI with OSSEC
OK, so I figured out my own question, I will go ahead and make custom
active response rules to run my script:
http://ossec-docs.readthedocs.org/en/latest/manual/ar/ar-custom.html
On Thursday, May 21, 2015 at 8:13:45 AM UTC-4, capli...@gmail.com wrote:
Hello,
I was wondering if what is
Great! I'll give it a shot and see if I can get it working.
Thanks
---
Bryan K. Carter
From: Grant Leonard
gr...@castraconsulting.com
Reply-To: ossec-list@googlegroups.com
Hello,
I was wondering if what is suggested in the subject line is possible? My
company wishes to instead of having an email sent out, to have OSSEC run a
python script I have created to connect back in to our Ticketing system API
and create an incident based off of an OSSEC alert. I was
I wasn't aware that agent-auth works in Windows, I know some people have
written things to make it work
Here is some code you can try
https://github.com/sedarasecurity/ossec-agent-auth/blob/master/build.sh
I am sure there are others out there as well, typically we use a mass deploy
script
Hi,
I have ossec-execd running as (new) user ossece.
For the Latest Stable Release (2.8.1)
On agent:
# ps aux | grep ossec
ossece 21669 0.0 0.0 12564 504 ? S 10:57 0:00 /opt/ossec/bin/ossec-execd
ossec 21673 0.0 0.0 12888 932 ? S 10:57 0:01
Hi,
I don't often write to the group (I'm following it closely) but today, I've
a question...
I'd like to trigger an Active-Response script on the _server_ for _any_
alert (ex with level 10).
I don't want to deploy the script on all agents.
At the moment, here is my active-response config (for
Thanks for sharing Sebastian.
On Thu, May 21, 2015 at 5:32 AM, skotthof
sebastian.kotth...@rz.uni-mannheim.de wrote:
Hi,
I have ossec-execd running as (new) user ossece.
For the Latest Stable Release (2.8.1)
On agent:
# ps aux | grep ossec
ossece 21669 0.0 0.0 12564 504 ?
Bryan,
Do you need help compiling the source code for the Windows agent?
I was able to muddle my way through the process of this and can offer some
assistance if that was your question.
Looking through my .bash_history - it looks like the following commands got
me there. This is on the