Scott R. Shinn

icon indicating a website link https://www.atomicorp.com icon indicating an email [email protected]

icon company Atomicorp icon location Washington DC icon location CTO Atomicorp

Results 40 comments of Scott R. Shinn

If there are too many logs, which can't be solved by OSSEC, will the logs be discarded or stored somewhere?

Im not sure I understand the question here

Flood of "File added to the system" alerts after new agent install

There are a few different ways to handle that. The condition here is that you're adding an new agent and the database for that system is empty at that point....

OSSEC+ Server Monitoring

Yup! an ossec server has all the same functionality built in that an ossec agent does. So its going to run FIM, rootcheck, log IDS, etc

v3.7.0 issue on RHEL 8 systems

Can you tell me more about the environment? Im using this on el8 (rocky linux), and I'm trying to reproduce it

v3.7.0 issue on RHEL 8 systems

A ha, and DNS resolution works correctly in your environments?

OSSEC agent not connecting after Linux host restart

Wouldnt something like this work? After=network.target

File integrity checks use broken hash functions

Id say more for backwards compatibility with 3rd party integrations out there. We'll keep md5 in there to not break those things, but rely on sha256 for the future FIM...

E-mail Alert not receiving from ossec server 3.6.0 on ubuntu 18.04.04

Tagged as stale/closed if no further responses in 7 days

OSSEC logrotate SELinux issue

Sure, the current selinux policy is here: https://github.com/ossec/ossec-hids/tree/master/contrib/selinux, can you make an update there and send us a pull request?

File operations logging

In linux I can see how you'd do it by looking at the mount type. Is that even something you can get from windows?