OSSEC

OSSEC

Have something to say?

Join LinkedIn for free to participate in the conversation. When you join, you can comment and post your own discussions.

NEW

You can now customize your view of the activity in this group by using these options in the dropdown to the left.

What's Happening

Get the true picture about what the group is talking about through a carousel of new topics and a ranked list of popular conversations with previews of the most recent activity.

Latest Discussions

Discover the new topics you want to participate in or follow via a simple comprehensive list.


You can change views as often as you like.

Most Popular Discussions

Anup S.

Anup

Hi , I am new to OSSEC . How do I configure alert to trigger from an SMTP server which has authentication enabled?

posted 15 days ago

Dan P. 13 days ago • Edit The easiest way is to configure the local system's mail daemon to forward the messages. Rewriting the functionality of existing packages seems a ... »
See more »
Peter A. Dan P.
Satyanarayan M.

Satyanarayan

need basic idea how can i implement ossec on pfsense box?

posted 25 days ago

Marten V. 23 days ago • Edit Maybe you could build a package on freebsd machine: ... »
See more »
Edwin V. Marten V.
Ciaran O.

Ciaran

OSSEC Update Schedule?

Hi Folks. I've been using OSSEC on a RHEL 6 test system for 6 weeks now. It appears quite stable. Updating Iptables with block rules can ...

posted 1 month ago

Ciaran O. 1 month ago • Edit Thanks Dan and Michael. »
See all 7 comments »
Dan P. Michael S. Ciaran O.
Hans S.

Hans

add exception for rootkit detection

Hi
Is it possible to add an exception for the rootkit detection of a file under /dev on a centos system (/dev/md/md-device-map?
grtz

posted 2 months ago

Dan P. 1 month ago • Edit Can you send more information to the mailing list? »
See more »
Dan P.
Satyanarayan M.

Satyanarayan

is it necessary to added a new daemon on the manager, called ossec-authd...

The complain I hear more often about OSSEC is related to how hard it is to setup the authentication keys between the agents and the manager. Each agent share a key-pair with the manager, so if you have a thousand agents, you...

posted 1 month ago

Dan P. 1 month ago • Edit What do you mean by "is it necessary?" You don't have to install that daemon if you don't want it, and even if you install it you don't have to ... »
See more »
Dan P.
Satyanarayan M.

Satyanarayan

Hi i am new to ossec wan to clone bitbucket ( http://hg.io/dcid/ossec-hids/src/43e8b41a8195/src/remoted/README) ,can you please guide me .

posted 1 month ago

JB C. 1 month ago • Edit Install Mercurial (http://mercurial.selenic.com/) first, then use the following command to clone ... »
See more »
JB C.
Paul L.

Paul

Windows Agent - problem with new file alerts

I have a bunch of Windows servers that I'm trying to get new file alerting working on, ideally in real time. However, I'm getting some ...

posted 2 months ago

Paul L. 2 months ago • Edit Yes, I enabled new file alerts in ossec.conf on the manager, and changed the rule in ossec_rules.xml to be level 7. ... »
See more »
Dan P. Paul L.
Peter A.

Peter

Detecting outdated web applications with OSSEC question

RE: http://dcid.me/2011/09/detecting-outdated-web-applications-with-ossec/Is there a way for each agent that detects outdated web ...

For the last few days I started working (again) on the system auditing module for OSSEC and one thing that can make it more useful is to detect outdated applications (specially web apps). Things like WordPress, Joomla, Wikis...

posted 3 months ago

Peter A. 2 months ago • Edit Good day, Dan: ... »
See all 6 comments »
Peter A. Dan P. Peter A.
Andrew H.

Andrew

OSSEC is now an open group

I am pleased to announce that, as the owner of this group, I have just switched us to an open discussion group. All future discussions ...

posted January 13, 2011

Gaetano P. 3 months ago • Edit Gaetano likes this. »
See all 3 comments »
Jeff M. Osioke O.
Peter A.

Peter

Question on http://dcid.me/2011/09/detecting-outdated-web-applications-with-ossec/ How do we pull the latest rule snapshot from...

posted 4 months ago

Dan P. 4 months ago • Edit According to the first result in google you can find it in the rpmforge repository. »
See all 6 comments »
Dan P. Peter A. Dan P.
Peter A.

Peter

How to trouble shoot rule errors?

OSSEC analysisd: Testing rules failed. Configuration error. Exiting.

How do I trouble shoot what failed?

Thank you.

posted 6 months ago

Gade M. 3 months ago • Edit Nice one peter »
See all 4 comments »
Peter A. Bradford S. Gade M.
Peter A.

Peter

Can an OSSEC rule be made to detect the latest Apache vulnerability being pushed on by one or more hackers?

If yes, what would the rule look like?

Free whitepaper – Effect of UPS on System...

posted 6 months ago

Peter A. 5 months ago • Edit Hi Michael: ... »
See more »
Michael S. Peter A.
Rakesh P.

Rakesh

windows shutting down events--false positive!?

Any ideas why ossec is triggering this events even though the sytems are NOT shutting down
Removed system name and ip address for ...

posted 6 months ago

Rakesh P. 6 months ago • Edit Thank you. »
See more »
Michael S. Rakesh P.
Satish P.

Satish

I am looking for OSSEC commercial support and i called TrenMicro and those guys has no idea about this software.. What should i do now ?

posted January 26, 2011

Rakesh P. 5 months ago • Edit I had my procurement department get me a quote. They are expensive. 300 agents and one server...$28K. »
See all 7 comments »
David J. Randy L. Rakesh P.
Mike D.

Mike

OSSEC Use in VPS/Cloud Deployments

I'm wondering if there are any statistics or information available on OSSEC deployments in virtual hosting environments? With the ...

posted 6 months ago

Bud M. 6 months ago • Edit Hi Mike, ... »
See more »
Michael S. Bud M.
Peter A.

Peter

Problems joining Google Group for ossec user support

RE: http://www.ossec.net/main/support#ossec-listTo subscribe to the ossec-list, send an e-mail to ...

posted 6 months ago

Dan P. 6 months ago • Edit Go to http://groups.google.com/group/ossec-list?lnk=srg and use the "Join this group" link on the right. »
See more »
Dan P.
Matt J.

Matt

OSSEC and Real Time File Monitoring/iNotify Question

According to the documentation for inotify, it can do many more things that OSSEC doesn't have enabled by default, like IN_ACCESS, ...

posted 6 months ago

Michael S. 6 months ago • Edit I understand that some options were not added because they were too chatty. For instance, OSSEC will not alert on new files in real time ... »
See all 3 comments »
Tigran P. Matt J. Michael S.
John C.

John

What is the CPU/Memory impact of the Windows agent if running under Server 2008? Same with MS SQL 2008 R2?

posted 7 months ago

Michael S. 6 months ago • Edit The CPU impact is negligible except when syscheck is running; then it may consume 20% or so, but it is designed to back off every few files ... »
See more »
Randy L. Michael S.

Manager's Choice

Andrew H.

OSSEC is now an open group

Andrew H. See all »

Ad

Top Influencers This Week

Group Statistics

CHECK OUT INSIGHTFUL STATISTICS ON THIS GROUP

  1. Director
  2. Manager
  3. Entry
MEMBERS
3,759
View Group Statistics »