OSSEC

OSSEC

About the OSSEC Group

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time... more »
OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response. Please join this group if you are one of the many people who use this powerful tool. « less

Have something to say?

Join LinkedIn for free to participate in the conversation. When you join, you can comment and post your own discussions.

Join LinkedIn

Most Popular Discussions

Bob W.

Bob

How often OSSEC rootcheck database update? Where i can get a new version of the rootchek database?

posted 15 days ago

Jason P. 12 days ago • Edit I update my entire OSSEC installation periodically to ensure I get all of the updated rules, decoders, etc. I'm working on a tips for OSSEC ... »
See all 3 comments »
Dan P. Carlos A. Jason P.
Rajendra M.

Rajendra

What would be the cost for OSSEC HIDS training for 2 days ?

posted 1 month ago

JB C. 1 month ago • Edit Are you talking about on-site training, in India? »
See more »
JB C.
Ciaran O.

Ciaran

OSSEC Update Schedule?

Hi Folks. I've been using OSSEC on a RHEL 6 test system for 6 weeks now. It appears quite stable. Updating Iptables with block rules can ...

posted 4 months ago

JB C. 2 months ago • Edit If there are critical bugs affecting multiple users, I propose we work together to combine them into the next release (say, 2.6.1). »
See all 8 comments »
Michael S. Ciaran O. JB C.
Rakesh P.

Rakesh

windows shutting down events--false positive!?

Any ideas why ossec is triggering this events even though the sytems are NOT shutting down
Removed system name and ip address for ...

posted 9 months ago

JB C. 2 months ago • Edit Good to know! Thank you, Starks. »
See all 4 comments »
Rakesh P. Federico D. JB C.
Anup S.

Anup

Hi , I am new to OSSEC . How do I configure alert to trigger from an SMTP server which has authentication enabled?

posted 3 months ago

Dan P. 3 months ago • Edit The easiest way is to configure the local system's mail daemon to forward the messages. Rewriting the functionality of existing packages seems a ... »
See more »
Peter A. Dan P.
Satyanarayan M.

Satyanarayan

need basic idea how can i implement ossec on pfsense box?

posted 3 months ago

Marten V. 3 months ago • Edit Maybe you could build a package on freebsd machine: ... »
See more »
Edwin V. Marten V.
Hans S.

Hans

add exception for rootkit detection

Hi
Is it possible to add an exception for the rootkit detection of a file under /dev on a centos system (/dev/md/md-device-map?
grtz

posted 5 months ago

Dan P. 4 months ago • Edit Can you send more information to the mailing list? »
See more »
Dan P.
Satyanarayan M.

Satyanarayan

is it necessary to added a new daemon on the manager, called ossec-authd...

The complain I hear more often about OSSEC is related to how hard it is to setup the authentication keys between the agents and the manager. Each agent share a key-pair with the manager, so if you have a thousand agents, you...

posted 4 months ago

Dan P. 4 months ago • Edit What do you mean by "is it necessary?" You don't have to install that daemon if you don't want it, and even if you install it you don't have to ... »
See more »
Dan P.
Satyanarayan M.

Satyanarayan

Hi i am new to ossec wan to clone bitbucket ( http://hg.io/dcid/ossec-hids/src/43e8b41a8195/src/remoted/README) ,can you please guide me .

posted 4 months ago

JB C. 4 months ago • Edit Install Mercurial (http://mercurial.selenic.com/) first, then use the following command to clone ... »
See more »
JB C.
Paul L.

Paul

Windows Agent - problem with new file alerts

I have a bunch of Windows servers that I'm trying to get new file alerting working on, ideally in real time. However, I'm getting some ...

posted 5 months ago

Paul L. 5 months ago • Edit Yes, I enabled new file alerts in ossec.conf on the manager, and changed the rule in ossec_rules.xml to be level 7. ... »
See more »
Dan P. Paul L.
Peter A.

Peter

Detecting outdated web applications with OSSEC question

RE: http://dcid.me/2011/09/detecting-outdated-web-applications-with-ossec/Is there a way for each agent that detects outdated web ...

For the last few days I started working (again) on the system auditing module for OSSEC and one thing that can make it more useful is to detect outdated applications (specially web apps). Things like WordPress, Joomla, Wikis...

posted 6 months ago

Peter A. 5 months ago • Edit Good day, Dan: ... »
See all 6 comments »
Peter A. Dan P. Peter A.
Andrew H.

Andrew

OSSEC is now an open group

I am pleased to announce that, as the owner of this group, I have just switched us to an open discussion group. All future discussions ...

posted January 13, 2011

Gaetano P. 6 months ago • Edit Gaetano likes this. »
See all 3 comments »
Jeff M. Osioke O.
Peter A.

Peter

Question on http://dcid.me/2011/09/detecting-outdated-web-applications-with-ossec/ How do we pull the latest rule snapshot from...

posted 8 months ago

Dan P. 7 months ago • Edit According to the first result in google you can find it in the rpmforge repository. »
See all 6 comments »
Dan P. Peter A. Dan P.
Peter A.

Peter

How to trouble shoot rule errors?

OSSEC analysisd: Testing rules failed. Configuration error. Exiting.

How do I trouble shoot what failed?

Thank you.

posted 9 months ago

Gade M. 6 months ago • Edit Nice one peter »
See all 4 comments »
Peter A. Bradford S. Gade M.
Peter A.

Peter

Can an OSSEC rule be made to detect the latest Apache vulnerability being pushed on by one or more hackers?

If yes, what would the rule look like?

Free whitepaper – Effect of UPS on System...

posted 9 months ago

Peter A. 9 months ago • Edit Hi Michael: ... »
See more »
Michael S. Peter A.
Satish P.

Satish

I am looking for OSSEC commercial support and i called TrenMicro and those guys has no idea about this software.. What should i do now ?

posted January 26, 2011

Rakesh P. 8 months ago • Edit I had my procurement department get me a quote. They are expensive. 300 agents and one server...$28K. »
See all 7 comments »
David J. Randy L. Rakesh P.
Mike D.

Mike

OSSEC Use in VPS/Cloud Deployments

I'm wondering if there are any statistics or information available on OSSEC deployments in virtual hosting environments? With the ...

posted 9 months ago

Bud M. 9 months ago • Edit Hi Mike, ... »
See more »
Michael S. Bud M.
Peter A.

Peter

Problems joining Google Group for ossec user support

RE: http://www.ossec.net/main/support#ossec-listTo subscribe to the ossec-list, send an e-mail to ...

posted 9 months ago

Dan P. 9 months ago • Edit Go to http://groups.google.com/group/ossec-list?lnk=srg and use the "Join this group" link on the right. »
See more »
Dan P.

About this Group

  • Created: September 25, 2007
  • Type: Professional Group
  • Members: 1,025

Manager's Choice

Andrew H.

OSSEC is now an open group

Andrew H. See all »

Ad

Group Statistics

CHECK OUT INSIGHTFUL STATISTICS ON THIS GROUP

  1. Director
  2. Manager
  3. Entry
MEMBERS
3,759
View Group Statistics »