All Questions

1 vote
0 answers
420 views

OSSEC Multiple "Integrity Checksum Changed" Alerts

I know this question has been asked several times, but the answers do not seem to work. After installing OSSEC server on my Ubuntu Server 18.04 LTS machine, I've received hundreds of "Integrity ...
Leah96xxx
0 votes
0 answers
92 views

Can I use OSSEC in a home LAN to monitor for intrusion and malware?

I'm not quite sure I understand what OSSEC does. But after HiddenWasp, I would like to make sure my Windows and Linux machines in my home are safe. (And harden my VPS) Does OSSEC support antimalware ...
HypeWolf
1 vote
1 answer
400 views

Disable OSSEC email for SSH maximum authentication attempts

I try to disable the email notifications for the OSSEC rule 5758. <rule id="5758" level="8"> <decoded_as>sshd</decoded_as> <match>^error: maximum authentication attempts ...
Dave
0 votes
1 answer
2k views

Linux files permissions denied on log files

I have installed nxlog to send my logs to a graylog server. It works fine, but I have a denied permission on the logs of my HIDS Ossec. My process nxlog (launched by collector-sidecar) runs as root: ...
Sorcha
2 votes
2 answers
10k views

OSSEC won't start, Error: queue not accessible

I'm trying to set up OSSEC on a CentOS 6.5 server. This is to be installed as an agent, not a server or local instance. The package successfully installed and I created the clients.key file, but when ...
Liam
0 votes
1 answer
210 views

OSSEC - Multiple VMs on a single DELL blade (XenServer Hypervisor)

I have a DELL blade with ~100 VMs (with a Citrix XenServer 6.1 hypervisor), all with an ossec agent connected to an ossec server outside that same blade. I have a bit of a problem: they all run rootkit ...
Ricardo
0 votes
2 answers
1k views

OSSEC as a SIEM

I am working on a log aggregation project and wanted to add some minor correlations/security intelligence to the mix. Currently I have logs from ~400 servers coming into a syslog-ng box. I was ...
Eric
0 votes
1 answer
363 views

Email sending script from address is invalid

I am sending email notifications from OSSEC active response script firewall-drop.sh, but when the email is sent through it, the FROM address is like this [email protected] it should be ossec@mydomain....
Farhan
2 votes
1 answer
2k views

OSSEC agent behind NAT

I am working on an OSSEC deployment where I will have multiple agents behind 1 public IP. Below is an example of the setup Private Network OSSEC-Agent1 (192.168.1.10) OSSEC-Agent2 (...
Eric
1 vote
2 answers
3k views

Do I need at least 1 Linux server to use OSSEC to monitor my Windows servers?

I don't know why this isn't more plainly obvious on the website: http://www.ossec.net/ But I can't tell if I need to install a 'server' portion on Linux and then an 'agent' on Windows and then ...
MetaGuru
0 votes
1 answer
2k views

OSSEC HIDS Notification emails every five minutes from server

My server is sending me the below error message to my email every five minutes: OSSEC HIDS Notification. 2011 Jun 17 16:30:03 Received From: ubuntu->/var/log/syslog Rule: 1002 fired (level 2) ->...
aarru
7 votes
1 answer
7k views

OSSEC integrity checksum alert - what caused the change?

Recently installed OSSEC on Linux machine to test. Most results are expected, however yesterday I received emails with a number of notifications about Integrity checksum changing on files such as /...
Eureka Ikara
1 vote
1 answer
213 views

How to view all logs in OSSEC system Ubuntu

I have installed OSSEC. It is working and sometimes sending me alert emails as well. But I want to see what I can type so that I can view all the logs of what OSSEC has found in my system