Special Forums Cybersecurity Not being able to run SYSCHEKD in OSSEC local (HIDS) Post 302584780 by metalaarif on Sunday 25th of December 2011 02:18:16 PM
12-25-2011
Not being able to run SYSCHEKD in OSSEC local (HIDS)

I am a newbie to OSSEC. My objective is to install OSSEC on an Ubuntu 10.04 server, configure it, and then install rootkits, tamper with files and then scan for possible notifications and alerts.
BUT I tried and then changed a few settings in ossec.conf, but it's nearly similar to the default settings.

After successful installation for local, I thought of modifying below commands before really installing rootkits and detecting it.
Code:
# touch /bin/ls
# touch /bin/ps

Then I performed
Code:
# /var/ossec/bin/ossec-syscheckd start

Then I went to see the log file
Code:
# tail /var/ossec/logs/ossec.log

Then I saw that it was scanning. I could see in the log file that it was monitoring directories, and then it started the syscheck database and then started the syscheck rootcheck scan.

The thing I don't understand is why, unlike AIDE and Samhain, I am not able to perform a scan and then get notifications of the changes that I had made.
I didn't even get any log message in alerts.log.


I am confused. I just want to test if OSSEC can successfully detect rootkits and file tampering, and then report or notify when I perform a scan.
I would really appreciate it if anyone could help me.

Last edited by radoulov; 12-27-2011 at 09:23 AM.. Reason: Code tags!
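
A simplified model of the sequence described in the post, as an added example that is not part of the original post and is not OSSEC's code: a checker that records a baseline on its first scan and compares fingerprints on later scans. It assumes the compared attributes are content hash, permissions, owner, group and size (not modification time); the file names and contents are constructed stand-ins.

```shell
#!/bin/sh
# Simplified baseline-and-compare integrity check (added example, not OSSEC code).
# Assumption: content hash, mode, uid, gid and size are compared; mtime is not.

# fingerprint FILE -> "FILE <sha256> <mode> <uid> <gid> <size>"
fingerprint() {
    printf '%s %s %s\n' "$1" \
        "$(sha256sum < "$1" | cut -d' ' -f1)" \
        "$(ls -ln "$1" | awk '{print $1, $3, $4, $5}')"
}

# baseline DIR DB: record the current state of every file in DIR.
baseline() {
    for f in "$1"/*; do fingerprint "$f"; done > "$2"
}

# scan DIR DB: print each file whose fingerprint is not in the baseline.
scan() {
    for f in "$1"/*; do
        grep -qxF -- "$(fingerprint "$f")" "$2" || printf '%s\n' "$f"
    done
}

demo() {
    dir=$(mktemp -d) && db=$(mktemp) || return 1
    # Constructed stand-ins for the binaries touched in the post.
    printf 'fake ls\n' > "$dir/ls"
    printf 'fake ps\n' > "$dir/ps"

    touch "$dir/ls"                    # change made BEFORE any baseline exists
    baseline "$dir" "$db"              # first scan: this state becomes "known good"
    echo "after first scan:   [$(scan "$dir" "$db")]"

    touch "$dir/ps"                    # mtime-only change after the baseline
    echo "after touch:        [$(scan "$dir" "$db")]"

    printf 'tampered\n' >> "$dir/ps"   # content change after the baseline
    echo "after content edit: [$(scan "$dir" "$db")]"
    rm -rf "$dir" "$db"
}

demo
```

Under these assumptions only the content edit is reported: the `touch` made before the first scan is absorbed into the baseline, and the later `touch` changes none of the compared attributes.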
 
