Not being able to run SYSCHEKD in OSSEC local (HIDS)


 
# 1  
Old 12-25-2011

I am a newbie to OSSEC. My objective is to install OSSEC on an Ubuntu 10.04 server, configure it, and then install rootkits, tamper with files and scan for possible notifications and alerts.
BUT I tried, and then changed a few settings in ossec.conf, but it is nearly the same as the default setting.

After a successful local installation,
I thought of modifying files with the commands below before really installing rootkits and detecting them.
Code:
#touch /bin/ls
#touch /bin/ps

Then I performed
Code:
#/var/ossec/bin/ossec-syscheckd start

Then I went to see the log file
Code:
#tail /var/ossec/logs/ossec.log

Then I saw that it was scanning. I could see in the log file that it was monitoring directories, then
started the syscheck database, and then started the syscheck rootcheck scan.

The thing I don't understand is, unlike AIDE and Samhain, why am I not able to perform a scan and then get notifications of the changes that I had made?
I didn't even get any log message in alerts.log.


I am confused. I just want to test whether OSSEC can successfully detect rootkits and file tampering and then report or notify when I perform a scan.
I would really appreciate it if anyone could help me.

# 2  
Old 12-26-2011

So to re-cap what I posted on the OSSEC mailing list: Did you modify the files or just touch them? syscheck looks for modifications, not use.

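The reply above makes the point that syscheck reacts to modifications, not to use: `touch` on an existing file only updates its timestamp, so a checker that compares content hashes, sizes and permissions sees nothing to report. The following POSIX shell script is an added illustration of that principle, not OSSEC's own code and not part of this thread. It builds a small baseline in the style of a file-integrity checker, touches one sample file and appends to another, and shows that only the second is flagged. It assumes GNU coreutils (`sha1sum`, `stat -c`), as on the Ubuntu system in the question; the directory and the sample `ls`/`ps` files are constructed in a temporary directory rather than taken from `/bin`.

```shell
#!/bin/sh
# Added example (not OSSEC's own code): a minimal checksum baseline and
# comparison, to show why `touch` on an unchanged binary produces no alert
# while a real content change does. Assumes GNU coreutils (sha1sum, stat -c).

# baseline DIR DB: record "sha1 size mode path" for every file directly under DIR
baseline() {
    dir="$1"; db="$2"
    : > "$db"
    for f in "$dir"/*; do
        sum=$(sha1sum "$f" | cut -d' ' -f1)
        size=$(wc -c < "$f" | tr -d ' ')
        mode=$(stat -c '%a' "$f")
        printf '%s %s %s %s\n' "$sum" "$size" "$mode" "$f" >> "$db"
    done
}

# compare DIR DB: print every file whose hash, size or mode no longer matches
# the baseline; return 0 if nothing changed, 1 if at least one file changed.
compare() {
    dir="$1"; db="$2"; changed=0
    for f in "$dir"/*; do
        sum=$(sha1sum "$f" | cut -d' ' -f1)
        size=$(wc -c < "$f" | tr -d ' ')
        mode=$(stat -c '%a' "$f")
        if ! grep -qxF "$sum $size $mode $f" "$db"; then
            echo "CHANGED: $f"
            changed=1
        fi
    done
    return $changed
}

# demo: constructed sample "binaries" in a temp dir (hypothetical, not /bin)
demo() {
    tmp=$(mktemp -d)
    printf 'fake ls binary\n' > "$tmp/ls"
    printf 'fake ps binary\n' > "$tmp/ps"
    chmod 755 "$tmp/ls" "$tmp/ps"
    baseline "$tmp" "$tmp.db"

    # What the original post did: touch only updates mtime, content is unchanged.
    touch "$tmp/ls"
    if compare "$tmp" "$tmp.db"; then
        echo "after touch: no difference from baseline, so no alert"
    fi

    # An actual modification: appended bytes change size and hash.
    printf 'tampered\n' >> "$tmp/ps"
    if ! compare "$tmp" "$tmp.db"; then
        echo "after append: change detected, this is what raises an alert"
    fi
    rm -rf "$tmp" "$tmp.db"
}

demo
```

Run it as `sh integrity-demo.sh`; the first `compare` prints nothing and the second prints the `CHANGED:` line for the appended file. The same distinction explains the observation in the question: touching `/bin/ls` and `/bin/ps` leaves their checksums identical to the baseline, so syscheck has no modification to log in alerts.log.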