[Ossec-list] [ossecm@xxxxxxxxxxxxxxxx: OSSEC Hids Notification - Alert level 12]
- Subject: [Ossec-list] [ossecm@xxxxxxxxxxxxxxxx: OSSEC Hids Notification - Alert level 12]
- From: kayvan at sylvan.com (Kayvan A. Sylvan)
- Date: Mon, 8 May 2006 10:42:45 -0700
Hi! OSSEC is IP banning my normal users when they log in...
Here is the alert and I see the IP address of the machine on my internal
network in hosts.deny.
This does not seem like good behavior...
Any suggestions?
----- Forwarded message from OSSEC HIDS <ossecm at satyr.sylvan.com> -----
To: <root at sylvan.com>
From: OSSEC HIDS <ossecm at satyr.sylvan.com>
Subject: OSSEC Hids Notification - Alert level 12
OSSEC HIDS Notification.
2006 May 08 10:36:15
Received From: /var/log/secure
Rule: 1601 fired (level 12) -> "System user sucessfully logged on the system.'"
Portion of the log(s):
sshd[19239]: Accepted password for robin from 192.168.0.18 port 38736 ssh2
--END OF NOTIFICATION
----- End forwarded message -----
--
Kayvan A. Sylvan | Proud husband of | Father to my kids:
Sylvan Associates, Inc. | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
http://sylvan.com/~kayvan | my beautiful Queen. | Robin Gregory (2/28/92)
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.