Questions tagged [ossec]

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. (from www.ossec.net)

73 questions

0 votes, 0 answers

ossec 2.7.1 won't update on servers

I'm trying to update ossec machines setup as servers from 2.6 and 2.7 to 2.7.1. I download the ossec-hids-2.7.1.tar.gz, extract it, and run the ./install.sh. It recognizes there's a previous version, asks me if I want to update, then asks me if I…
dan

0 votes, 2 answers

OSSEC as a SIEM

I am working on a log aggregation project and wanted to add some minor correlations/security intelligence to the mix. Currently I have logs from ~400 servers coming into a syslog-ng box. I was looking into a few programs such as SEC (Simple Event…
Eric

0 votes, 1 answer

OSSEC "unable to retrieve alerts"

I'm trying to learn about OSSEC, but when I access the OSSEC web UI in the Main tab, OSSEC shows me: "unable to retrieve alerts". I see the alerts.log file and I can read different problems. Why can't I see the alerts on the web? For more…
madrikeka

0 votes, 1 answer

How does the OSSEC agent detect signatures/alerts?

Can someone explain how the OSSEC agent in an active response config detects or responds to events (e.g. a scan attempt on a web server, 404 status code)? I know that the XML block below at the server end fires up the response on the agent end. But all the…

0 votes, 1 answer

Ossec tests and verification

I have just installed OSSEC accordingly as the server. When it asked for my email I put in my Gmail address, and for the SMTP I was not sure, so I just set it as localhost first. Then it runs a number of commands accordingly. Finally it states…
new14

0 votes, 1 answer

Email sending script from address is invalid

I am sending email notifications from the OSSEC active response script firewall-drop.sh, but when the email is sent through it, the FROM address is like this: -@mydomain.com. It should be ossec@mydomain.com or root@ossec.mydomain.com. As the script is…
Farhan

0 votes, 1 answer

OSSEC email alerts

Just installed OSSEC and sendmail; however, I can't get alerts to my Gmail from OSSEC. I am able to see the alerts on the sendmail localhost; however, the alerts seem not to be forwarding to Gmail.

0 votes, 1 answer

OSSEC HIDS Notification emails every five minutes from server

My server is sending me the below error message to my email every five minutes: OSSEC HIDS Notification. 2011 Jun 17 16:30:03 Received From: ubuntu->/var/log/syslog Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of…
aarru

0 votes, 2 answers

How to know if a file's MD5 changed by a virus or the system itself (CentOS)

I installed OSSEC to verify whether files have changed or not. But sometimes it is giving me false warnings and integrity checksums like "the following files have changed". How can I make sure that files are changed by the system, not by a virus itself? It is very…
John

0 votes, 1 answer

Cannot open port 1514 in Ubuntu iptables

I am installing OSSEC and it says that I need to open ports 1514 and 514 in the firewall. Now I have added the rule for port 1514, but I still can't connect if I use telnet, like: ossec-hids-2.5]# telnet 192.168.1.95 1514 Trying 192.168.1.95... telnet:…
John

0 votes, 0 answers

How to analyze/monitor OSSEC logs on Ubuntu

I'm using an OSSEC server to monitor machines with OSSEC agents, which monitor things like login via SSH, file creation, etc. I have configured OSSEC to send an email when it detects a problem, but this control mode is very bad for data control and…
Tom

0 votes, 1 answer

How to make OSSEC send email when it is stopped?

OSSEC sends an email when it is started, but not when it is stopped. So, if someone somehow got access to the server, he could just stop OSSEC and do whatever he wants without me knowing it. Or am I missing something?
Mika

-3 votes, 1 answer

How can ossec handle a virus that already spread into the deepest system?

As far as I know, OSSEC is an Open Source HIDS. It's a "Detection System". I read in journals that it collects logs, flags any anomaly that has been found in a system (e.g. a Debian server) and does some action with it. In some of OSSEC's rules, there's…
Gagantous