Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Not being able to run SYSCHEKD in OSSEC local (HIDS)
Special Forums Cybersecurity Not being able to run SYSCHEKD in OSSEC local (HIDS) Post 302584780 by metalaarif on Sunday 25th of December 2011 02:18:16 PM
Old 12-25-2011
MySQL Not being able to run SYSCHEKD in OSSEC local (HIDS)
I am newbee to OSSEC. My objective is to install OSSEC in a ubuntu 10.04 server, configure it and then install rootkits, tamper files and then scan for possible notification and alerts.
BUT I tired and then changed few setting in ossec.conf but its nearly similar to default setting.

After successful installation for local
I thought of modifying below commands before really installing rootkits and detecting it.
Code:
#touch /bin/ls
 #touch /bin/ps

then i performed
Code:
#/var/ossec/bin/ossec-syscheckd start

then, i went to see the log file
Code:
#tail /var/ossec/logs/ossec.log

then i saw that it was scanning. I could see it in log file that it was monitoring directories and then
started syscheck database and then started syscheck rootcheck scan

The thing I don't understand is Unlike Aide and Samhain why am i not being able to perform scan and then get notifications of changes that i had done.
I didn't even get any log message in alerts.log.


I am confused. I just want to test if OSSEC can successfully detect rootkits, file tampering and then report or notify when i perform scan.
I would really appreciate if anyone could help me.
Last edited by radoulov; 12-27-2011 at 09:23 AM.. Reason: Code tags!
 

7 More Discussions You Might Find Interesting

1. Solaris

run xclock from local solaris to remote solaris

Hello - I am trying to connect to a remote solaris box from a solaris box i have locally present with me using 'ssh login@IP' ... Its connecting fine but... when I run xclock - it says 'Can't open display' Whereas, IF I connect to same remote solaris IP from my windows desktop locally via putty... (9 Replies)
Discussion started by: panchpan
9 Replies

2. Shell Programming and Scripting

Help with shell script to run the commands reading options from local file

I have to use shell script to run series of commands on another unix box by connecting through SSH and giving user credentials. For running commands on remote machine I have to use options reading from a local file. Process: Connecting to remote unix server <host1.ibm.com> through ssh Login: ... (2 Replies)
Discussion started by: itsprout
2 Replies

3. AIX

Do I need to configure my local windows to FTP files from local windows to a UNIX AIX server?

Hi Friends, I have this script for ftping files from AIX server to local windows xp. #!/bin/sh HOST='localsystem.net' USER='myid_onlocal' PASSWD='mypwd_onlocal' FILE='file.txt' ##This is a file on server(AIX) ftp -n $HOST <<END_SCRIPT quote USER $USER quote PASS $PASSWD put $FILE... (1 Reply)
Discussion started by: rajsharma
1 Replies

4. Red Hat

Regding OSSEC

FYI... Installed OSSEC server version 2.6 in Cent OS 6.2 and agents are web servers installed in chroot environment. Moreover ossec server and apache (web servers are agents) are installed in separate machines. In ossec.conf file, added below configuration in both server and agent. ... (0 Replies)
Discussion started by: vamsi_k
0 Replies

5. UNIX for Advanced & Expert Users

has no rc.local in /etc, how to auto run cmd in the boot process?

Hi I want to run some cmd before the linux boot up and I want to let it run before sshd service start, any helps? (1 Reply)
Discussion started by: yanglei_fage
1 Replies

6. Shell Programming and Scripting

To run a local shell script in a remote machine by passing arguments to the local shell script

I need to run a local shell script on a remote machine. I am able to achieve that by executing the command > ssh -qtt user@host < test.sh However, when I try to pass arguments to test.sh it fails. Any pointers would be appreciated. (7 Replies)
Discussion started by: Sree10
7 Replies

7. Shell Programming and Scripting

Except script to run a local shell script on remote server using root access

local script: cat > first.sh cd /tmp echo $PWD echo `whoami` cd /tmp/123 tar -cvf 789.tar 456 sleep 10 except script: cat > first #!/usr/bin/expect set ip 10.5.15.20 set user "xyz123" set password "123456" set script first.sh spawn sh -c "ssh $user@$ip bash < $script" (1 Reply)
Discussion started by: Aditya Avanth
1 Replies

LEARN ABOUT DEBIAN

save_binary_logs

SAVE_BINARY_LOGS(1p)					User Contributed Perl Documentation				      SAVE_BINARY_LOGS(1p)

NAME

       save_binary_logs - Concatenating binary or relay logs from the specified file/position to the end of the log. This command is automatically
       executed from MHA Manager on failover, and manual execution should not be needed normally.

SYNOPSIS

       # Test

       $ save_binary_logs --command=test  --binlog_dir=/var/lib/mysql --start_file=mysqld-bin.000002

       # Saving binary logs

       $ save_binary_logs --command=save --binlog_dir=/var/lib/mysql --start_file=mysqld-bin.000002 --start_pos=312
       --output_file=/var/tmp/aggregate.binlog

       # Saving relay logs

       $ save_binary_logs --command=save --start_file=mysqld-relay-bin.000002 --start_pos=312 --relay_log_info=/var/lib/mysql/relay-log.info
       --output_file=/var/tmp/aggregate.binlog

       save_binary_logs concatenates binary or relay logs from the specified log file/position to the end of the log. This tool is intended to be
       invoked from the master failover script(MHA Manager), and manual execution is normally not needed.

DESCRIPTION

       Suppose that master is crashed and the latest slave server has received binary logs up to mysqld-bin.000002:312. It is likely that master
       has more binary logs. If it is not sent to the slave, slaves will lose all binlogs from mysqld-bin.000002:312. The purpose of the
       save_binary_logs is to save binary logs that are not replicated to slaves. If master is reachable through SSH and binary logs are readable,
       saving binary logs is possible.

       Here is an example:

       $ save_binary_logs --command=save --start_file=mysqld-bin.000002 --start_pos=312 --output_file=/var/tmp/aggregate.binlog

       Then all binary logs starting from mysqld-bin.000002:312 are concatenated and stored into /var/tmp/aggregate.binlog. If you have binary
       logs up to mysqld-bin.000004, the following mysqlbinlog outputs are written.

       mysqld-bin.000002:Format Description Event(FDE), plus from 312 to the tail mysqld-bin.000003:from 0 to the tail, excluding FDE
       mysqld-bin.000004:from 0 to the tail, excluding FDE

perl v5.14.2							    2012-01-08						      SAVE_BINARY_LOGS(1p)
All times are GMT -4. The time now is 05:01 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy