Special Forums Cybersecurity Not being able to run SYSCHEKD in OSSEC local (HIDS) Post 302584780 by metalaarif on Sunday 25th of December 2011 02:18:16 PM
Not being able to run SYSCHEKD in OSSEC local (HIDS)

I am a newbie to OSSEC. My objective is to install OSSEC on an Ubuntu 10.04 server, configure it, and then install rootkits, tamper with files, and then scan for possible notifications and alerts.
But I tried and then changed a few settings in ossec.conf, but it's nearly similar to the default settings.

After a successful installation for local,
I thought of modifying the commands below before really installing rootkits and detecting them.
Code:
#touch /bin/ls
#touch /bin/ps

Then I performed
Code:
#/var/ossec/bin/ossec-syscheckd start

Then I went to see the log file
Code:
#tail /var/ossec/logs/ossec.log

Then I saw that it was scanning. I could see in the log file that it was monitoring directories, and then it
started the syscheck database and then started the syscheck rootcheck scan.

The thing I don't understand is why, unlike with Aide and Samhain, I am not able to perform a scan and then get notifications of the changes that I had made.
I didn't even get any log message in alerts.log.


I am confused. I just want to test whether OSSEC can successfully detect rootkits and file tampering, and then report or notify when I perform a scan.
I would really appreciate it if anyone could help me.

Last edited by radoulov; 12-27-2011 at 09:23 AM.. Reason: Code tags!
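
The `touch` test in the post updates only a file's timestamps and leaves its contents unchanged, so a file integrity checker reports it only if modification time is among the attributes it compares. The following is an added example, not part of the original post: it takes a baseline of two constructed stand-in files in a temporary directory (the names `ls` and `ps` and the functions `snapshot`, `compare` and `demo` are illustrative), applies a `touch` to one and a content change to the other, and reports which attribute changed for each.

```shell
#!/bin/sh
# Added example: everything runs in a throwaway temp directory on
# constructed stand-in files; the real /bin/ls and /bin/ps are not touched.

# Print "name sha256 mtime" for every file in directory $1.
snapshot() {
    for f in "$1"/*; do
        printf '%s %s %s\n' "$(basename "$f")" \
            "$(sha256sum "$f" | cut -d' ' -f1)" "$(stat -c %Y "$f")"
    done
}

# Compare baseline snapshot $1 with current snapshot $2, per attribute.
compare() {
    awk 'NR == FNR { h[$1] = $2; m[$1] = $3; next }
         { printf "%s hash=%s mtime=%s\n", $1,
               ($2 == h[$1] ? "same" : "changed"),
               ($3 == m[$1] ? "same" : "changed") }' "$1" "$2"
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin"
    printf 'constructed stand-in for ls\n' > "$d/bin/ls"
    printf 'constructed stand-in for ps\n' > "$d/bin/ps"
    # Give both files an old mtime so a later touch is visible
    # even at one-second timestamp resolution.
    touch -t 201112250000 "$d/bin/ls" "$d/bin/ps"

    snapshot "$d/bin" > "$d/base"        # baseline, like a first scan

    touch "$d/bin/ls"                    # the post's test: timestamp only
    printf 'tampered\n' >> "$d/bin/ps"   # an actual content change

    snapshot "$d/bin" > "$d/now"         # second scan
    compare "$d/base" "$d/now"
    rm -rf "$d"
}

demo
```

The comparison needs two snapshots: a change made before the first one is taken becomes part of the baseline and is never reported.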