All Questions
7 questions
0 votes, 0 answers, 1k views
OSSEC Web UI 404 on initial setup
I'm trying to set up the OSSEC web UI on a fresh installation of OSSEC on Ubuntu 15.04 Server Edition. I set up the server with the default LAMP stack and OSSEC HIDS seems to have installed successfully....
6 votes, 4 answers, 9k views
OSSEC disk space usage
A few days ago I noticed that the disk of my Ubuntu server was almost full. I dug a bit and found out that the disk space was used by OSSEC, in the /var/ossec/queue/diff folder.
I wanted to try ...
3 votes, 1 answer, 2k views
Suppress OSSEC email for failed root ssh
I'm running OSSEC as a HIDS on an Ubuntu 12.10 server, and it routinely (3-4x a day) sends me a notification like this: (note the last octet of the IP address has been changed to 'xxx' to protect the ...
1 vote, 1 answer, 4k views
Generating alerts from OSSEC (server-agent) model
I'm very new to OSSEC. I use a server-agent model. I wish to generate alerts for the following actions (on the agent side):
1) Sample alert for deletion of logs
I added the rules for these in agent's ...
1 vote, 4 answers, 5k views
OSSEC is not running
I have two EC2 instances. In one I have installed the OSSEC server and in the other I have installed the OSSEC agent.
Here is my server config INBOUND (security group/firewall):
port:514 source:0.0.0.0/...
1 vote, 2 answers, 425 views
What dangers (and should I be worried) are there from attempted break-ins? (reported by OSSEC)
I've installed OSSEC on my server and I've been getting reports similar to the following:
Jan 11 19:27:03 Daddy sshd[14459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=...
0 votes, 1 answer, 2k views
Cannot open port 1514 in Ubuntu iptables
I am installing OSSEC and it says that I need to open ports 1514 and 514 in the firewall.
Now I have added the rule for port 1514 but I still can't connect if I use telnet like
ossec-hids-2.5]# ...