All Questions
12 questions
1 vote, 0 answers, 420 views
OSSEC Multiple "Integrity Checksum Changed" Alerts
I know this question has been asked several times, but the answers do not seem to work.
After installing OSSEC server on my Ubuntu Server 18.04 LTS machine, I've received hundreds of "Integrity ...
1 vote, 1 answer, 400 views
Disable OSSEC email for SSH maximum authentication attempts
I try to disable the email notifications for the OSSEC rule 5758.
<rule id="5758" level="8">
<decoded_as>sshd</decoded_as>
<match>^error: maximum authentication attempts ...
0 votes, 0 answers, 1k views
OSSEC - Not seeing alerts on the Server from file changes on the Agent
I have an OSSEC server and Agent installed and configured. I have imported the key to the Agent and they appear to be communicating. However, I am trying to test the file integrity monitoring feature and ...
0 votes, 1 answer, 518 views
How to make ossec send only one email for an alert?
I installed ossec with local installation and it is working fine. It is sending email alerts fine but seems to be sending the same email over and over for an alert.
For example, an alert email is sent ...
6 votes, 4 answers, 9k views
OSSEC disk space usage
A few days ago I noticed that the disk of my Ubuntu server was almost full. I dug a bit and found out that the disk space was used by OSSEC, in the /var/ossec/queue/diff folder.
I wanted to try ...
0 votes, 2 answers, 1k views
OSSEC as a SIEM
I am working on a log aggregation project and wanted to add some minor correlations/security intelligence to the mix.
Currently I have logs from ~400 servers coming into a syslog-ng box. I was ...
2 votes, 1 answer, 2k views
OSSEC agent behind NAT
I am working on an OSSEC deployment where I will have multiple agents behind 1 public IP. Below is an example of the setup
Private Network
OSSEC-Agent1 (192.168.1.10)
OSSEC-Agent2 (...
0 votes, 1 answer, 1k views
ossec email alerts
Just installed ossec and sendmail, however I am not able to get alerts to my gmail from ossec. I am able to see the alerts on the sendmail localhost, however alerts seem to be not forwarding to gmail.
1 vote, 2 answers, 425 views
What dangers (and should I be worried) are there from attempted break-ins? (reported by OSSEC)
I've installed OSSEC on my server and I've been getting reports similar to the following:
Jan 11 19:27:03 Daddy sshd[14459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=...
1 vote, 0 answers, 998 views
Where can I find information about inbuilt registry keys for Windows Server 2008 R2?
Is there a resource for looking up the description and/or usage of W2K8 R2 registry keys?
I need to understand integrity checksum change messages appearing in OSSEC logs on Amazon EC2 instances.
...
0 votes, 2 answers, 801 views
How to know if a file's md5 was changed by a virus or the system itself on CentOS
I installed OSSEC to verify whether files have changed or not.
But sometimes it is giving me false warnings and integrity checksums like the following files have changed.
How can I make sure that files are changed ...
1 vote, 1 answer, 213 views
How to view all logs in OSSEC system on Ubuntu
I have installed OSSEC.
It is working and sometimes sending me alert emails as well.
But I want to see what I can type so that I can view all the logs of what OSSEC has found in my system