i have installed Ossec and save it on my sql database but the timestamp of alert is not human readable, how to make it readable ? is there algorithm to make it readable?
View 1 RepliesHow can get human readable output from df -k in HP-UX?
View 5 Replies View RelatedThe following is a script for making the bdf output of HP-UX in a human readable form .
Syntax for running the script is :-
# bdf | bdfrefine.pl
The output will be displayed in KB ,MB,GB or TB as per the disk space . Script details :-
#!/usr/bin/perl
######## SCRIPT FOR USER FRIENDLY bdf OUTPUT ##################
##-----------------------------------------------------------------######################
################# SLURPING INPUT ######################
##-----------------------------------------------------------------######################
[code]....
I want to find out which process is eating RAM, I use this command:
Code:
ps -eo size,pid,user,command | sort -k1 -rn | head -10
but it displays with no human readable:
Code:
283364 4644 quanta /usr/lib/mozilla-firefox/firefox --sm-config-prefix /firefox-C3JYUC/ --sm-client-id 1014cd7d2d4000128169799000000044950019 --screen 0
230372 3635 mysql /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql --pid-file=/var
[code]....
use 'awk' to convert 'size' column to human readable? I also read this thread but I get stuck in printing from $4 to NR.
I want to display users quota in human readable format, so if the size is over 1 GB I want the quotas displayed in GBs
So when I issue the command below should I not get the results in GB ?
Code: Select allrepquota -sa
bob -- 87200M 400G 440G 879 0 0
dave -- 255G 400G 440G 3627 0 0
jim -- 10664M 400G 440G 230 0 0
tom -- 10737M 400G 440G 636 0 0
User bobs usage is 86GB, should 86GB not be displayed rather than 87200M?
I have log files that everyday are downloaded from my webserver in the format: Code: samplesite.com.xxxxxxxxxxx.gz xxxxxxxxxx is a 10 digit epoch time. I am trying to figure out a way in batch to:
1. find all of exisiting files containing the pattern (after the first run it will only be one a day)
2. Isolate the epoch string
3. convert the epoch string to human readable date/time
4. rename the original file as samplesite.com.mmddYYYY.gz
[156750.000302] [Hardware Error]: No human readable MCE decoding support on this CPU type.
[156750.000327] [Hardware Error]: Run the message through 'mcelog --ascii' to decode.
[156750.000344] [Hardware Error]: Machine check events logged
I have been trying to find mcelog for my architecture (2.6.37.6-0.5-desktop #1 SMP PREEMPT 2011-04-25 21:48:33 +0200 i686 i686 i386 GNU/Linux). I am running openSuse version: openSUSE 11.4 (i586)
[Code]....
The top command by default displays in "k" ...how can I make it display in "M"?
View 2 Replies View RelatedCan ossec be run from ubuntu with less notifications to mail only intrusions. i really dont wish to be notified of every single thing that goes on in my system. i only want to be notified of intrusions and anything else that would be of serious concern. can anyone tell me what setting i can do to achieve the goal in mind ?
View 3 Replies View RelatedOSSEC is detecting a trojaned version of /bin/login on a Lucid clean install.[FAILED]: Trojaned version of file '/bin/login' detected. Signature used:bash|elite|SucKIT|xlogin|vejeta|porcao|lets_log|s ukasuk' (Generic).
I am striving to setup OSSEC to monitor some specific files for realtime changes! Is this possible? I can't really find a lot of info from their Documentation
Some Examples:
/etc/myfile.txt is deleted. I need this to be reported.
/etc/myfile.txt is created again so I need this to be reported again!
This has to happen instantly though, because the file might be deleted and created again many times in a short period of time.. Another one...
/etc/passwd is touched (accessed) even if there is no changes! Can this be reported as well?
I have noticed some possible security issues in my /var/log.messages log but i'm not sure how to read the messages.
I'm getting the following lines:
Code:
I noticed that our /etc/shadow file is readable on a patch I released for one of our in house linux boxes a while back ago. Could they use it to gain access the root account etc? Our passwords are all MD5 encrypted.
View 5 Replies View RelatedI was on funnyjunk.com yesterday, looking at funny pictures. I clicked the next button, and a page popped up displaying that the website had malware hosted by hit.d1.net, however when I had Windows XP the MacAffee Siteadvisor Displayed that there was no malware. Is this Real or Fake? Just wondering if it is one of those fake spyware alerts, like from windows.
View 2 Replies View RelatedI wanted to know if anyone had an idea or has heard of creating an email alert when a user changes the password on a samba user?I would like to be able to receive and alert if a user changes their samba password. Could anyone point me in the right direction? I will be attempting this on Arch Linux.
View 2 Replies View RelatedI sue Fedora 13. Since a few times ago, every time when I start the computer, it appears a message of SELinux trouble shooter about a security alert. But most of times there are no errors to show.
View 9 Replies View RelatedI have installed snort + mysql + acid base, I add some rules into /etc/snort/rules/local.rules to test the alert:
alert icmp 192.168.1.20 any -> 192.16.1.21 any (flags:A;ack:0;msg:"NMap icmp ping")
alert icmp 192.168.1.20 any -> 192.16.1.21 any (content:"abcdefgh";;msg:"ping de windows")
alert icmp 192.168.1.20 any <> 192.16.1.21 any (flags: S; msg: "HOULA SYN Packet!"
After I restart snort and I tied 2 pc by cross cable (192.168.1.20 for windows and the victim is 192.168.1.21 for Linux where the snort is installed), my HOME_NET 192.168.1.21 and the EXTEREL_NET !$HOME_NET. The problem is when I run:
snort -dvi eth0 -c /etc/snort/snort.conf
I see the packet transmitted and received (the received conten "abcdefgh" ), when I stopped snort CTRL+C I don't found any alert in the result!!! Run time prior to being shutdown was 218.523030 seconds.
Packet Wire Totals:
Received: 1346
Analyzed: 1342 (99.703%)
Dropped: 0 (0.000%)
Outstanding: 4 (0.297%) .....
dcerpc2 Preprocessor Statistics
Total sessions: 0
database: Closing connection to database "snort"
database: Closing connection to database "snort"
Snort exiting
I have noticed and this now worries me, if I export a KeePassX xml file then open it with a text editor I can see all my �private� details.Just tested it on my old desktop with Slitaz and open the exported file with leafpad text editor and I can see my details just the same.Previously I used RoboForm and when viewing an exported file in the same way you could not make out any of my details. Is KeePassX designed this way or have I not used KeePassX correctly.I have posted this on KeePassX forum and emailed them direct with no response so far.Ubuntu 11.04.
View 9 Replies View RelatedEverytime I login the SELinux Troubleshooter panel applet alerts me that I have 1 alert to view, however when I click on the icon and bring up the Troubleshooter there are no alerts
View 2 Replies View RelatedI am looking for a utility that would do the following:1. Be run manually on a list of files whose sizes should not change, to get a control file containing the sizes of each file.2. Subsequent manual runs would report any changes in size of any of the files in the list, and allow option to accept the new sizes.3. Be run as a cron job to check for changes in the file sizes and send an email alert if a change has occurred since the last time it was run.The purpose is to detect possible hacks of key files on a website. It would not include files expected to change, but just those that should not change. It would be run manually a few times to get the control list one wants to monitor.
View 3 Replies View RelatedI want to find out if I can get someone to help me with this. Sectool-gui says that the home_directory of user "mysql" is world-readable and that it also is world accessible. How do I close that accessibility?
View 6 Replies View RelatedThis morning I ran sectool (in terminal for the first time. Before that I used sectool-gui) and I got this (written to file)...
See attachment please..
I think... the user "Jetty" may be a part of (or has something to do with SQL?).. This machine I have is not a server (in fact I know pretty much nothing about web servers).. this machine is used purely for local app development (python PyQt4/ and C++/wx - making games, general utilities, specialized calculators...etc)
So... Can anyone please tell me who the user "Jetty" is ? (The others are safe, I compiled python/SIP/PyQt4/wx/aliens from source... so that;s probably why it doesn't belong to packages.
Plus, My screen started to flicker some time (could it be possible someone is messing w/ my xorg configs?)
I have a DVD which I can open and play on a machine running 9.04 but I can't get to open and play it on a machine running 10.04.How can I diagnose and prefereably fix the problem?
View 9 Replies View Relatedi have installed ubuntu on vmware and just finished networking part after some trouble.now i need to install the osses hids the most recent release.i need to know what are all the prerequisites and the procedure,i am very much new to the ubuntu or anyother linux based platform,
View 1 Replies View RelatedTrying to figure out which Intrusion Detection System would be best for me. I've got a CentOs 5 / Linux / Apache system. If you've got experience with either (or both ) , please let me know your thoughts. I'm looking for the one thats not as technical, And a bit more user friendly I guess.
View 4 Replies View RelatedI have Ubuntu Lucid Lynx installed and thought I'd try out Mac4Lin. I then decided to remove it and ran the script for doing so. This worked, except that it seems to have removed one of the standard Ubuntu themes (Human) and left some Mac4Lin fonts in my fonts folder (can't say which they all are). How do I repair my Ubuntu installation without upsetting my 3G internet access, etc? I don't have an ethernet connection, but am using Vodacom 3G. Can I do this from the Ubuntu disk?
View 1 Replies View RelatedWhen I activate the Ambiance theme, skype, opera, and probably one or two other applications have black menus with black text. It seems like the black background colour is being used from the Ambiance theme, but the menu text colour is not.
Could it be related to qt4? I just installed Opera qt4 because I read somewhere that qt4 would keep it closer to the theme or something.
I cannot change my window controls to Ambiance theme when compiz effects are on. When I turn off compiz effects, theme selection works as a charm, but when I turn compiz effects on again, I get back to human-clearlooks. In Appearance Preferences -> Theme I can still see Ambiance is selected, but window controls are from human-clearlooks. Every theme changes only colors, icons, fonts etc, but window controls remain. And remain on the right side of window. Everything works as expected when I turn off compiz effects.
In CompizConfig Settings Manager -> Effects -> Window Decoration Command is specified to /usr/bin/compiz-decorator What can I do to have buttons of the left side? I tried to change in gconf-editor in apps -> metacity -> general -> button_layout to "close,minimize,maximize:menu", but it still has no effect on compiz
I am using archlinux with gnome 3. I am trying hard to change my icon theme to human but it just doesnt change. ~/.gtkrc-2.0 [URL]. I tried lxappearance too. After I click on apply and close it gnome kinda restarts and when I open nautilus it shows no change. I had tango icon theme so I deleted that dir from /usr/share/icons. Now it has switched to the default gnome icon theme. How do I change it to Human icon theme?
View 1 Replies View RelatedI'm using Linux Mint 8 64bit with Google Chrome Unstable (same problem with beta).When a video is playing, the time elapsed and total time stay on the screen:Is there a way to make this disappear
View 1 Replies View Related