Not being able to run SYSCHEKD in OSSEC local (HIDS)
Post 302584923 by ddpbsd on Monday 26th of December 2011 04:38:13 PM
Moderator's Comments:
Mod Comment Moderated.

So to re-cap what I posted on the OSSEC mailing list: Did you modify the files or just touch them? syscheck looks for modifications, not use.

Last edited by radoulov; 12-27-2011 at 09:24 AM..
 
