[ossec-list] Re: some questions
Hi Ruurd,
Let me see if I can answer some of your questions...
1- Ossec has a very centralized approach when analyzing the data, so there
is not much to configure on the agent side. However, in addition to removing
and adding the agents, the ossec server sends parts of its own configuration
to them. If you look at /var/ossec/etc/shared you will see some of the files
that are shared with the agents (by default it includes the rootkit files
list, the active response files, and the rootkit trojans list).
2- Great idea. I am adding a simple module to do "health checks" of the
agents and it will extract memory usage, cpu usage, free disk space and
uptime information. If you have more ideas of health checks to perform, let
us know and we can add them. I didn't fully understand what you meant by
verifying if SSL is active or encryption is running (you mean apache with
SSL?)...
3- You already contributed by giving us some ideas and feedback. Other ways
to contribute include reporting false positives or errors in the rules,
providing logs or new rules to the log analysis engine, contributing with
new code, reporting any error that you may find or even donating financially
to the project.
Hope it helps..
--
Daniel B. Cid
dcid ( at ) ossec.net
On 8/3/06, ruurd@xxxxxxxxxx <ruurd@xxxxxxxxxx> wrote:
This morning we have seen the webcast from SANS regarding OSSEC. We found it
very interesting and it has clarified some of our issues. Other issues
however still remain.
1) In the webcast, Mike Poor is talking about Setup, configure, or remove
agents from remote machines. We can add and remove agents, and give them a
key. But that's it. We would like to know if there is a way to configure the
agents (edit the ossec.conf) from the ossec server?
2) The agent-info (in queue) contains the agent host OS. Is there a way to
add more information like free disk space, encryption running, SSL active
etc.
3) We are very enthusiastic about OSSEC. Is there any way we can contribute
to the project?
Thanks,
Ruurd Bakker
SecQuard Systems
Mob +31(0)6 5262 5365
Email ruurd@xxxxxxxxxx
Web www.xsguard.nl
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.