Highest Voted 'ossec' Questions - Server Fault Stack Exchange

10

votes

2 answers

OSSEC large scale deployment

We have a data-center and as a happy OSSEC user I am trying to convince my management to use it for host intrusion detection. However I have never deployed it on more than a handful of servers and I am not sure if it does scale. Anyone has deployed…

ids ossec

asked May 12 '12 at 17:37

lisa1987

871
1
9
17

7

votes

1 answer

OSSEC integrity checksum alert - what caused the change?

Recently installed OSSEC on Linux machine to test. Most results are expected, however yesterday I received emails with a number of notifications about Integrity checksum changing on files such as /usr/bin/whoami /usr/bin/md5sum /usr/bin/ls …

linux ossec

asked Nov 19 '10 at 01:07

Eureka Ikara

309
5
11

6

votes

4 answers

OSSEC disk space usage

A few days ago I noticed that the disk of my Ubuntu server was almost full. I dug a bit and found out that the disk space was used by OSSEC, in the /var/ossec/queue/diff folder. I wanted to try something immediate so I deleted the contents of this…

ubuntu security disk-space-utilization ossec

asked May 07 '15 at 07:31

Sinklar

93
1
6

4

votes

1 answer

Postfix Send only Without a FQDN

I'm using OSSEC and Nagios to build a sort of HID system on our network. Everything is going smoothly so far; however I cannot get OSSEC to send email alerts. What I'm trying to do right now is get postfix to send out emails and then have OSSEC use…

postfix fqdn ossec

asked Dec 26 '15 at 01:55

Ryan

143
1
3

4

votes

0 answers

How/where does one get a version of the OSSEC agent-auth application that will run on Windows?

I have successfully configured an OSSEC server running on Ubuntu in AWS. I have also successfully automated Ubuntu AWS instances automatically installing the OSSEC agent and connecting to the OSSEC server via this command /var/ossec/bin/agent-auth…

windows ossec

asked Dec 18 '15 at 23:31

Chris

81
1
6

3

votes

1 answer

Suppress OSSEC email for failed root ssh

I'm running OSSEC as a HIDS on a Ubuntu 12.10 server, and it routinely (3-4x a day) sends me a notification like this: (note the last octet of the IP address has been changed to 'xxx' to protect the guilty) OSSEC HIDS Notification. 2013 Nov 21…

ubuntu authentication ubuntu-12.10 ossec

asked Nov 21 '13 at 23:37

tkrajcar

163
6

3

votes

2 answers

OSSEC: Unblock an IP and increase tresshold

I just set up OSSEC, but I accidentally shut myself out already from my home ip. So does OSSEC have a function to unblock an IP after it is blocked or do I need to do this manually in iptables ? Also does OSSEC provide a way to temporary ban IP's ?…

debian ossec

asked Feb 03 '12 at 22:32

Lucas Kauffman

16,818
9
57
92

3

votes

1 answer

PID ran away with all our MEM and SWAPPED hard - OSSEC RHEL

Forgive me for the length of this question... it is mostly details... only attempt to follow if you also enjoy reading log files... or drinking coffee. I'll state the questions first: 1) how the heck did a nano process fire off based on what…

redhat xen ossec

asked Jan 20 '11 at 21:41

Patrick R

2,925
1
18
27

2

votes

1 answer

How can I make the OSSEC server service start automatically on reboot?

I am running CentOS7 with OSSEC 2.9.2. Is there a way to make OSSEC automatically start the server after a reboot? Currently it appears to require that I run the ossec-control start after every reboot.

centos7 ossec

asked Dec 08 '17 at 16:28

JadedCore

121
1
6

2

votes

2 answers

OSSEC won't start, Error: queue not accessible

I'm trying to set up OSSEC on a CemtOS 6.5 server. This is to be installed as an agent, not a server or local instance. The package successfully installed and I created the clients.key file, but when I try to start the daemon I receive the error…

linux centos ossec

asked Aug 07 '14 at 23:38

Liam

164
2
6

2

votes

2 answers

Using OSSEC HIPS alongside rsyslog, overkill?

I have been tasked to harden our company linux servers. One of the problems that was outlined was the fact that logs are stored on the server which poses two problems: Difficult to aggregate and diagnose problems Not very secure, if a server is…

logging rsyslog ossec

asked Feb 23 '14 at 02:25

Rijndael

163
1
4

2

votes

4 answers

Simple application level file integrity monitoring & Intrusion detection (IDS)

We've been searching for a simple file integrity monitoring solution on CentOS/Linux that will work on the application level. We are not looking for OS/network level IDS as OSSEC and the others do a pretty good job at that. We have looked at…

intrusion-detection ids ossec ips tripwire

asked Aug 17 '13 at 13:06

Dev

21
2

2

votes

1 answer

What is the purpose of filtering egressing traffic (CSF)?

For a while now I am using CSF as main firewall with LFD, and OSSEC as main IDS. (I like OSSEC over the overreacting builtin IDS of CSF). I tested it for small DoS attacks such a slowloris variants and synfloods. Works fine. Apache is running with…

centos csf ossec traffic-filtering

asked Jun 09 '12 at 12:03

BTZ

23
4

2

votes

1 answer

OSSEC agent behind NAT

I am working on an OSSEC deployment where I will have multiple agents behind 1 public IP. Below is an example of the setup Private Network OSSEC-Agent1 (192.168.1.10) OSSEC-Agent2 (192.168.50.33) OSSEC-Agent3 (10.10.10.1) Those IPs…

linux security ossec

asked Jun 07 '12 at 21:22

Eric

1,373
3
17
33

2

votes

1 answer

Ossec fields to Oracle DB

I would like some recommendations for the following problem. I use Ossec for log analysis. What I want, is after extracting the fields to save them in an Oracle database. For example, if I have this line IP:(\d+.\d+.\d+.\d+)@(\w+): (forcefield…

logging ossec

asked Apr 17 '12 at 12:22

Nikolaidis Fotis

1,994
11
13

Questions tagged [ossec]