Ubuntu Security :: Can Ossec Be Run From With Less Notifications To Mail Only Intrusions
Mar 7, 2010
Can OSSEC be run from Ubuntu with fewer notifications, to mail only intrusions? I really don't wish to be notified of every single thing that goes on in my system. I only want to be notified of intrusions and anything else that would be of serious concern. Can anyone tell me what setting I can use to achieve the goal in mind?
View 3 Replies
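As an added example (not from the thread), the settings in ossec.conf that decide what gets mailed, with a local rule that silences one noisy rule and one that raises a serious but low-level rule above the mail threshold. The alert levels and rule ids (5501, 510) are OSSEC's own; the addresses and the SMTP server are placeholders.

```xml
<!-- /var/ossec/etc/ossec.conf (added example): mail only for high-level alerts -->
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <email_to>admin@example.com</email_to>
    <smtp_server>127.0.0.1</smtp_server>
    <email_from>ossec@example.com</email_from>
  </global>

  <alerts>
    <!-- Every alert of level 1 and up is still written to
         /var/ossec/logs/alerts/alerts.log, so nothing is lost. -->
    <log_alert_level>1</log_alert_level>
    <!-- Mail only for level 10 and above. The default is 7, which is why
         every failed login and package change lands in the inbox. -->
    <email_alert_level>10</email_alert_level>
  </alerts>
</ossec_config>

<!-- /var/ossec/rules/local_rules.xml (added example): adjust individual rules -->
<group name="local,">
  <!-- Silence a rule that floods the inbox: level 0 is neither logged nor mailed.
       5501 is "Login session opened" (pam); substitute the id from the alerts you get. -->
  <rule id="100001" level="0">
    <if_sid>5501</if_sid>
    <description>Ignore PAM session-opened noise</description>
  </rule>

  <!-- Raise something you care about above the mail threshold: 510 is rootcheck's
       host-based anomaly event ("Trojaned version of file ..."), level 7 by default. -->
  <rule id="100002" level="12">
    <if_sid>510</if_sid>
    <description>Rootcheck anomaly (mailed)</description>
  </rule>
</group>
```

After editing, restart with /var/ossec/bin/ossec-control restart. Before silencing anything, paste a sample line into /var/ossec/bin/ossec-logtest to see which rule id and level it hits; that is the id to put in if_sid. Raising the mail threshold without the second rule would also hide rootcheck's trojan-file alert, which is exactly the kind of event you do want mailed.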
Jul 19, 2011
I just put up Fedora 15 on my PC. There are several messages coming up from SELinux saying permission denied, though I am not doing any administrative activity; the PC is a workstation for research. How can I know whether the denial is for a security intrusion attempt? How can I set conditions to see the logs of all security intrusions? How can I set exclusive messaging from SELinux that the denial is for a security intrusion attempt?
View 5 Replies
Apr 29, 2010
OSSEC is detecting a trojaned version of /bin/login on a Lucid clean install.
[FAILED]: Trojaned version of file '/bin/login' detected. Signature used: 'bash|elite|SucKIT|xlogin|vejeta|porcao|lets_log|sukasuk' (Generic).
View 1 Replies
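A first check before treating this as a compromise, added here as an example and not part of the thread: rootcheck's "Generic" signature is a plain substring match over the file's contents, so any binary that happens to contain one of those strings trips it. Compare the file against the md5sums its package shipped (what `debsums -c login` does) and see which substring actually matched. The files and md5sums list used in the test are constructed; the real paths are in the comments.

```sh
#!/bin/sh
# Added example (not from the thread). Two checks for a "trojaned /bin/login" alert.

# verify_md5sums SUMS_FILE [ROOT]
#   Checks every "md5  relative/path" line in SUMS_FILE (the format of
#   /var/lib/dpkg/info/<pkg>.md5sums) against the files under ROOT.
#   Prints MISSING/MISMATCH lines; returns the number of bad files (0 = clean).
verify_md5sums() {
    sums="$1"; root="${2:-/}"; bad=0
    while read -r want path; do
        [ -z "$path" ] && continue
        f="$root/$path"
        if [ ! -f "$f" ]; then
            printf 'MISSING  %s\n' "$path"; bad=$((bad + 1)); continue
        fi
        have=$(md5sum "$f" | cut -d' ' -f1)
        if [ "$have" != "$want" ]; then
            printf 'MISMATCH %s\n' "$path"; bad=$((bad + 1))
        fi
    done < "$sums"
    return "$bad"
}

# rootcheck_strings FILE
#   Prints which substrings from OSSEC's generic /bin/login signature occur in FILE
#   (printable runs only), so you can see what the "Generic" match was.
rootcheck_strings() {
    pat='bash|elite|SucKIT|xlogin|vejeta|porcao|lets_log|sukasuk'
    tr -c '[:print:]' '\n' < "$1" | grep -E -o "$pat" | sort -u
}

# Real use on a Debian/Ubuntu box (equivalent to: debsums -c login):
#   verify_md5sums /var/lib/dpkg/info/login.md5sums /
#   rootcheck_strings /bin/login
```

A clean md5sums check plus a hit on a harmless substring is a false positive and the alert can be silenced for that file. A MISMATCH on /bin/login is the real thing; reinstalling the package is not a fix at that point, the host has to be treated as compromised. On a host you already distrust, the md5sums under /var/lib/dpkg could have been edited too, so compare against the .deb fetched on a clean machine (apt-get download login; dpkg-deb -x) rather than the local manifest.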
Oct 15, 2010
I am striving to set up OSSEC to monitor some specific files for real-time changes. Is this possible? I can't really find a lot of info in their documentation.
Some examples:
/etc/myfile.txt is deleted. I need this to be reported.
/etc/myfile.txt is created again, so I need this to be reported again!
This has to happen instantly though, because the file might be deleted and created again many times in a short period of time. Another one...
/etc/passwd is touched (accessed) even if there are no changes. Can this be reported as well?
View 2 Replies
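An added example (not from the thread) of the syscheck configuration that covers the first two cases: real-time reporting of deleted and re-created files. Rule ids 553 and 554 and the syscheck options are OSSEC's; the directory and ignore entries are placeholders for your own.

```xml
<!-- /var/ossec/etc/ossec.conf (added example): real-time integrity monitoring of /etc -->
<ossec_config>
  <syscheck>
    <!-- Periodic full scan stays as a backstop (seconds). -->
    <frequency>3600</frequency>
    <!-- realtime="yes" uses inotify and reports within seconds of a write or unlink.
         The watch is attached to a directory, so list the directory that holds the
         file rather than the file itself. check_all = size, perms, owner, md5, sha1;
         report_changes keeps a copy of text files so the alert includes a diff. -->
    <directories check_all="yes" realtime="yes" report_changes="yes">/etc</directories>
    <!-- Report files that appear, not only ones that change or vanish. -->
    <alert_new_files>yes</alert_new_files>
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/resolv.conf</ignore>
  </syscheck>
</ossec_config>

<!-- /var/ossec/rules/local_rules.xml: "File deleted" is rule 553 (level 7) and alerts
     as shipped; "File added to the system" is rule 554 at level 0, so it stays silent
     until it is raised. -->
<group name="local,syscheck,">
  <rule id="100010" level="7">
    <if_sid>554</if_sid>
    <description>File added to the system (enabled)</description>
  </rule>
</group>
```

Deletion and re-creation each produce their own alert, so a file that flaps several times in a short period shows up as a series of 553/554 events. The third case, /etc/passwd being read without being changed, is outside what syscheck sees (it compares content and metadata, not access). That is an audit question: on the same host, `auditctl -w /etc/passwd -p r -k passwd_read` records every read, `ausearch -k passwd_read` lists them with the reading process and user, and OSSEC can then pick the audit log up with a localfile entry if you want it in the same alert stream.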
May 23, 2010
I have installed OSSEC and save its alerts to my SQL database, but the timestamp of the alert is not human readable. How do I make it readable? Is there an algorithm to make it readable?
View 1 Replies
Feb 23, 2011
I'm using Evolution in KDE and everything's working well except for the notifications (calendar and new mail particularly). I'm guessing those are in different packages? How do I get these running? Oh, and one more thing: regardless of my default browser, Evolution opens things up in rekonq by default. How might I get this working for Firefox?
View 1 Replies
Nov 24, 2008
Hey, anyone here know how to set up OTRS e-mail notifications? I'm trying to get it to send me an e-mail whenever a ticket is created.
View 2 Replies
Feb 17, 2010
I know I probably should've searched a little harder than I already did, but... If Evolution mail is closed, I get no notifications. How can I minimize it to the tray, or have the notifications show even with the program closed?
View 7 Replies
Feb 3, 2011
Is there a way to get an account on Pidgin, say an MSN account that has the option to display email notifications checked, to open a selected email client such as Evolution or Thunderbird instead of opening Hotmail in a tab in Firefox?
View 1 Replies
May 20, 2011
When I reinstalled Ubuntu I chose to encrypt my home folder (something that I've never done before), but now that I know it doesn't really make a difference I'd like to decrypt it, because the .ecryptfs folder is taking up so much space that I'm getting notifications every time I log in.
View 7 Replies
May 15, 2015
Is there any way to get update notifications for security patches on Debian jessie? I was using update-manager and update-notifier on wheezy and that worked well. update-notifier on jessie doesn't seem like it's working...
View 12 Replies
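An added example, not from the thread: the check that apticron-style notification mails are built on. A simulated upgrade (`apt-get -s upgrade`) prints one `Inst` line per pending package with the archive it comes from, and security updates carry the `Debian-Security` origin. The sample apt-get output below is constructed; the function names and the recipient are placeholders.

```sh
#!/bin/sh
# Added example (not from the thread): list pending packages from the security archive.

# security_updates < "apt-get -s upgrade" output  -> "package new_version" per line
#   apt-get -s prints "Inst pkg [old] (new origin:suite [arch])"; the "[old]" field is
#   absent for packages that are newly installed, so the version is found by its "(".
security_updates() {
    awk '$1 == "Inst" && /Debian-Security/ {
        for (i = 3; i <= NF; i++) if ($i ~ /^\(/) { print $2, substr($i, 2); break }
    }'
}

# notify_security_updates RECIPIENT
#   Meant for cron after "apt-get update"; mails only when something is pending.
notify_security_updates() {
    list=$(apt-get -s upgrade 2>/dev/null | security_updates)
    [ -n "$list" ] && printf '%s\n' "$list" | mail -s "$(hostname): security updates pending" "$1"
}

# Constructed sample of apt-get -s upgrade output on a jessie host.
SAMPLE_APT='Reading package lists...
Building dependency tree...
Inst openssl [1.0.1t-1+deb8u5] (1.0.1t-1+deb8u6 Debian-Security:8/stable [amd64])
Inst libssl1.0.0 [1.0.1t-1+deb8u5] (1.0.1t-1+deb8u6 Debian-Security:8/stable [amd64])
Inst tzdata [2015d-0+deb8u1] (2016a-0+deb8u1 Debian:8.3/stable [all])
Conf openssl (1.0.1t-1+deb8u6 Debian-Security:8/stable [amd64])'

# Real use, e.g. in /etc/cron.daily:
#   apt-get update -qq && notify_security_updates admin@example.com
```

The packaged equivalents are `apticron` (mails the pending list) and `unattended-upgrades`, whose jessie default origin pattern `origin=Debian,codename=${distro_codename},label=Debian-Security` installs security updates on its own and mails a report; either is less fragile than a desktop notifier on a machine that may not have a session open.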
Jan 18, 2010
I have those notification bubbles that appear at the top right of my screen.
Besides being RIDICULOUSLY big, I don't need them.
I don't know if it is the same, but they look like this:
NOTE: THIS PICTURE IS JUST AN EXAMPLE I FOUND ON THE INTERNET. I WANT TO DISABLE ALL NOTIFICATIONS.
View 14 Replies
Sep 25, 2010
Two days ago we started to receive the following message:
/etc/cron.daily/chkrootkit:
The following suspicious files and directories were found:
/lib/init/rw/.mdadm /lib/init/rw/.ramfs
/lib/init/rw/.mdadm
INFECTED (PORTS: 4369)
You have 2 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
At about the same time (a day before that) we set up new rules for the queueing disciplines using 'tc' on our Debian lenny box (these rules are for some of the experiments we are carrying out). I have run chkrootkit manually and this message (as above) keeps appearing, while the rkhunter tool does not complain about these items. Could there be a connection between setting up the new qdiscs and the chkrootkit "INFECTED" messages?
View 7 Replies
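An added example, not from the thread, of how chkrootkit's "hidden process" verdict is reached and why it misfires. chkproc lists /proc and then asks ps; any PID in the first list but not the second is "hidden". A process that exits between the two snapshots (common on a busy box, and the `ls` used to take the snapshot is itself such a process) is reported exactly like a rootkit that hides PIDs. Repeating the comparison and keeping only PIDs hidden every time separates the two. The function names are this example's own; the PID lists in the test are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): chkproc's hidden-process test, redone so that
# the transient false positives can be filtered out.

# hidden_pids "PROC_LIST" "PS_LIST" -> PIDs present in PROC_LIST but absent from PS_LIST
hidden_pids() {
    hay=" $(printf '%s' "$2" | tr '\n' ' ') "
    for p in $1; do
        case "$hay" in *" $p "*) ;; *) printf '%s\n' "$p" ;; esac
    done
}

# common_pids "LIST_A" "LIST_B" -> PIDs present in both lists
common_pids() {
    hay=" $(printf '%s' "$2" | tr '\n' ' ') "
    for p in $1; do
        case "$hay" in *" $p "*) printf '%s\n' "$p" ;; esac
    done
}

proc_pids() { ls /proc | grep -E '^[0-9]+$'; }
ps_pids()   { ps -eo pid= | tr -d ' '; }

# persistent_hidden [PASSES]
#   Takes PASSES snapshot pairs (default 3), one second apart, and prints only PIDs that
#   were in /proc but not in ps on every pass. Transient processes drop out; anything
#   left deserves a look: ls -l /proc/<pid>/exe ; cat /proc/<pid>/cmdline
persistent_hidden() {
    n=${1:-3}; i=0; acc=""
    while [ "$i" -lt "$n" ]; do
        snap=$(hidden_pids "$(proc_pids)" "$(ps_pids)")
        if [ "$i" -eq 0 ]; then acc=$snap; else acc=$(common_pids "$acc" "$snap"); fi
        i=$((i + 1))
        sleep 1
    done
    printf '%s\n' "$acc" | grep -E '^[0-9]+$' || true
}
```

The other two findings have their own checks. "INFECTED (PORTS: 4369)" comes from chkrootkit's bindshell test, a fixed list of port numbers; 4369 is on that list and is also the port of epmd, the Erlang port mapper that RabbitMQ and CouchDB install, so `netstat -ltnp | grep :4369` (or `ss -ltnp` on newer systems) tells you which program actually holds it. The dotfiles under /lib/init/rw are the run-time state files Debian's own init scripts create there, which chkrootkit flags because it treats any dotfile in a system directory as suspicious. None of the three checks look at qdiscs, so the tc rules are unrelated; if `persistent_hidden` stays empty and the port belongs to a known daemon, the report is noise.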
Mar 3, 2011
I updated both browsers I have and lost my secure log-in pages (no padlocks showing) on different webmail accounts. Just before I did these updates I checked an unrelated thing online regarding my sound card, of which I kept a copy, and got this message below:
!!ALSA/HDA dmesg
!!------------------
[ 12.762633] cfg80211: Calling CRDA for country: AM
[code]....
View 2 Replies
Mar 11, 2011
I have installed Ubuntu on VMware and just finished the networking part after some trouble. Now I need to install the OSSEC HIDS, the most recent release. I need to know what all the prerequisites are and the procedure; I am very new to Ubuntu or any other Linux-based platform.
View 1 Replies
Jan 9, 2010
Trying to figure out which Intrusion Detection System would be best for me. I've got a CentOS 5 / Linux / Apache system. If you've got experience with either (or both), please let me know your thoughts. I'm looking for the one that's not as technical, and a bit more user friendly I guess.
View 4 Replies
May 14, 2011
Is it possible to use a GPG key registered on a different email account than the account I have linked to Evolution? As it is now, I have entered the key ID into Evolution, but it does not decrypt my mails. It does not even ask for a password; it simply opens the message and displays a page of code.
View 2 Replies
Jun 8, 2011
Here is my mail log. I have set up virtual hosting with Postfix and Courier. Examples from my mail.info file:
Code:
8 14:46:46 dynamicweb pop3d: LOGIN FAILED, user=arthur, ip=[::ffff:95.31.15.64]
Jun 8 14:46:46 dynamicweb pop3d: LOGIN FAILED, user=ashley, ip=[::ffff:95.31.15.64]
Jun 8 14:46:46 dynamicweb pop3d: LOGOUT, ip=[::ffff:95.31.15.64]
[Code]...
View 5 Replies
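An added example, not from the thread: the log shows one client trying several usernames within the same second, which is a dictionary run against POP3. The function below counts Courier pop3d/imapd login failures per source address, the same signal fail2ban's courier-auth filter keys on. The sample lines are constructed in the mail.info format of the post, with documentation addresses; the function name and threshold are this example's own.

```sh
#!/bin/sh
# Added example (not from the thread): failed Courier logins per client address.

# failed_logins_by_ip [THRESHOLD] < logfile
#   Prints "count ip" for every client with >= THRESHOLD (default 5) failed logins,
#   highest first. Courier logs IPv4 clients as IPv4-mapped IPv6 (::ffff:a.b.c.d);
#   the prefix is stripped so the address can go straight into a firewall rule.
failed_logins_by_ip() {
    awk -v thr="${1:-5}" '
        /(pop3d|imapd)(-ssl)?: LOGIN FAILED/ {
            if (match($0, /ip=\[[^]]+\]/)) {
                ip = substr($0, RSTART + 4, RLENGTH - 5)   # drop "ip=[" and "]"
                sub(/^::ffff:/, "", ip)
                n[ip]++
            }
        }
        END { for (ip in n) if (n[ip] >= thr) print n[ip], ip }
    ' | sort -rn
}

# Constructed sample log in the format the post shows (RFC 5737 addresses).
SAMPLE_LOG='Jun  8 14:46:46 dynamicweb pop3d: LOGIN FAILED, user=arthur, ip=[::ffff:203.0.113.7]
Jun  8 14:46:46 dynamicweb pop3d: LOGIN FAILED, user=ashley, ip=[::ffff:203.0.113.7]
Jun  8 14:46:46 dynamicweb pop3d: LOGOUT, ip=[::ffff:203.0.113.7]
Jun  8 14:46:47 dynamicweb pop3d: LOGIN FAILED, user=bob, ip=[::ffff:203.0.113.7]
Jun  8 14:50:01 dynamicweb imapd: LOGIN FAILED, user=carol, ip=[::ffff:198.51.100.9]
Jun  8 14:51:10 dynamicweb pop3d: LOGIN, user=dave, ip=[::ffff:192.0.2.20], port=[51122]'

# Real use:  failed_logins_by_ip 10 < /var/log/mail.info
```

Nothing in these lines says an account was broken into; a LOGIN (not LOGIN FAILED) for one of the guessed names from the same address would. For an automatic response, fail2ban ships a courier-auth filter, so a jail pointed at /var/log/mail.info with a low maxretry bans the source after a few failures; on top of that, Courier's pop3d-ssl/imapd-ssl keep the passwords these guesses are made against off the wire.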
Aug 10, 2010
I'm getting a lot of mail messages without really any information (that I get, anyway), but things like:
@312>
W266>
I372=
[code]...
View 3 Replies
Mar 11, 2011
My /var/log/messages file is being flooded by messages like these.
Code:
View 1 Replies
Apr 1, 2011
After an April Fools' Day joke with fake mails (simply faked by forwarding and changing the text body), I tried to insert a "real" fake mail into my online GoogleMail account. It was incredibly simple and that freaks me out a little.
I simply created the mail in Kontact, moved it to the folder I wanted it to appear in and synced; done. Someone with better knowledge might probably even manipulate the Kontact database on my computer and then sync, even changing old mails from years ago.
Is there a way to prevent this or find out that the mail wasn't really e.g. sent but just faked? I'm working at the university as a teaching assistant at the moment, and from time to time you have those "No, I didn't miss the deadline, I sent the mail with the paper to you" students. It was never necessary until now, but I always thought that I might check that by simply asking the student to show me his or her "Sent" folder in their online mail account. But that won't work if you can insert mails into your "Sent" folder via disconnected IMAP.
View 8 Replies
Apr 13, 2010
I'm using CentOS 5.4 for a data server, where I have shared a directory to store data. I want that whenever the owner of that data deletes anything from the directory, the system should send me a mail with logs of that deletion action, with details something like below:
1- IP of the system from where the owner accessed the server and deleted the data.
2- Date, time and name of file with path.
These logs should be sent to me by email automatically.
View 2 Replies
May 21, 2011
I am working on a mail server on Red Hat/CentOS. I want to know how to secure my mail server for heavy loading, any monitoring tools in GUI or console, and whether there is any essential tool which is used in, say, MNCs for mail servers.
I know a few commands like top, netstat, etc. through Google, but I am willing to know some more.
View 8 Replies
May 19, 2011
I know this is vague, but I really don't know much about security. How secure is the Citadel server?
View 2 Replies
Apr 20, 2011
I have a server running CentOS 5.5. It runs rkhunter and logwatch daily. From both I get a daily mail.
I have a desktop computer running Fedora 13 (almost 14...). It also runs a daily rkhunter and logwatch. But I get ONE mail from logwatch, which contains the result of rkhunter.
On the server, I also want only mail from logwatch, containing the rkhunter results. But so far, no luck.
How can I get the rkhunter results in the logwatch mail on my CentOS server?
View 2 Replies
May 20, 2011
I was recently connecting securely to the website where I have my mail account, and I connected through Tor. When doing so Firefox presents me with the screen saying that the connection is untrusted and it can't verify the certificate. So I cancelled. I'm using Torbutton; I turned Torbutton off and connected again with no problem. Then with Torbutton on again, same thing (untrusted).
Is it possible the exit node I was going through is doing a man-in-the-middle attack? However, later when connecting through Tor I did NOT get the warning about the site being untrusted. I really don't know what exit node I was using when I got the certificate warning and what exit node I was using when I did not receive the warning. I don't know how long I stay on the same node or how/when it changes.
View 4 Replies
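An added example, not from the thread, of the check that answers the question: fetch the certificate the server presents directly and the one it presents through Tor, and compare SHA-256 fingerprints. An exit node that interposes its own certificate produces a different fingerprint; a chain or trust-store problem produces the same fingerprint with a failing `openssl verify`. The two self-signed certificates in the test are generated locally (constructed); the host names are placeholders and `fetch_cert` needs network access, so the test does not call it.

```sh
#!/bin/sh
# Added example (not from the thread): compare a server's certificate across two paths.

# cert_fingerprint PEMFILE -> SHA-256 fingerprint of the certificate, e.g. AB:12:...:EF
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^[^=]*=//'
}

# fetch_cert HOST [PORT] -> the leaf certificate the server presents, as PEM on stdout
fetch_cert() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM
}

# same_cert A.pem B.pem -> exit 0 when both files carry the same certificate
same_cert() {
    [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]
}

# Typical session (torsocks routes the second fetch through Tor):
#   fetch_cert mail.example.net > direct.pem
#   torsocks openssl s_client -connect mail.example.net:443 -servername mail.example.net \
#       </dev/null 2>/dev/null | openssl x509 -outform PEM > tor.pem
#   same_cert direct.pem tor.pem && echo same || echo DIFFERENT
#   openssl verify -CAfile /etc/ssl/certs/ca-certificates.crt tor.pem
```

Repeat the Tor fetch a few times; each run may use a different circuit, which is why the warning came and went. A DIFFERENT result is worth reporting with the exit node's fingerprint (Torbutton or the Tor control port shows the current circuit). Keeping a note of the direct fingerprint also gives you something to compare against the next time the browser warns.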
Aug 19, 2009
I configured sendmail with SquirrelMail on RHEL 5.3.
It is working fine. I can send mail and receive mail.
But when I try to send mail, a SELinux error comes up (but the mail is sent successfully). I don't understand this message.
Quote:
Summary:
SELinux is preventing sendmail (system_mail_t) "read" to eventpoll (httpd_t).
Detailed Description:
SELinux denied access requested by sendmail. It is not expected that this access is required by sendmail and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for eventpoll,
restorecon -v 'eventpoll'
If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ(url). Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (url) against this package.
Additional Information:
Source Context system_u:system_r:system_mail_t
Target Context system_u:system_r:httpd_t
Target Objects eventpoll [ file ]
Source sendmail
Source Path /usr/sbin/sendmail.sendmail
Port <Unknown>
code....
View 3 Replies
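For this post and the Fedora 15 question earlier on the page (how to tell whether a denial is an attack), an added example that is part of neither thread. setroubleshoot prints the "may signal an intrusion attempt" sentence for every denial it cannot match to a known fix, so that text carries no signal by itself. What does is which process was denied what, on which object, and how often. Here the target is an eventpoll descriptor labelled httpd_t: a file descriptor that sendmail inherited from the httpd process (SquirrelMail) that spawned it, not a file sendmail opened. That is the leaked-descriptor pattern, which policy normally covers with a dontaudit rule; an intrusion would look like sendmail reading or writing something it has no business touching. The function below tallies AVC records from /var/log/audit/audit.log by process, permission, source type, target type and class; the audit lines in the test are constructed to match this post's denial.

```sh
#!/bin/sh
# Added example (not from the thread): summarise SELinux AVC denials by who/what/on-what.
# Input is raw auditd output (/var/log/audit/audit.log or `ausearch -m avc --raw`).

# avc_summary < audit.log
#   One line per distinct denial: "count comm permission source_type -> target_type class",
#   most frequent first. Only the type component of each security context is kept.
avc_summary() {
    awk '
        /^type=AVC / && /avc: +denied/ {
            perm = comm = s = t = cls = ""
            if (match($0, /\{[^}]*\}/)) {
                perm = substr($0, RSTART + 1, RLENGTH - 2)
                gsub(/^ +| +$/, "", perm)
            }
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^comm=/)     { comm = $i; sub(/^comm="?/, "", comm); sub(/"$/, "", comm) }
                if ($i ~ /^scontext=/) { s = $i;    sub(/^scontext=/, "", s) }
                if ($i ~ /^tcontext=/) { t = $i;    sub(/^tcontext=/, "", t) }
                if ($i ~ /^tclass=/)   { cls = $i;  sub(/^tclass=/, "", cls) }
            }
            split(s, sa, ":"); split(t, ta, ":")
            n[comm " " perm " " sa[3] " -> " ta[3] " " cls]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -rn
}

# Constructed audit records: two copies of the denial from the post and one unrelated
# httpd denial, plus a SYSCALL record that must be ignored.
SAMPLE_AUDIT='type=AVC msg=audit(1250000001.123:301): avc:  denied  { read } for  pid=4321 comm="sendmail" path="anon_inode:[eventpoll]" dev=anon_inodefs ino=2211 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=file
type=SYSCALL msg=audit(1250000001.123:301): arch=c000003e syscall=0 success=no exit=-13 comm="sendmail" exe="/usr/sbin/sendmail.sendmail"
type=AVC msg=audit(1250000002.456:302): avc:  denied  { read } for  pid=4322 comm="sendmail" path="anon_inode:[eventpoll]" dev=anon_inodefs ino=2211 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=file
type=AVC msg=audit(1250000010.000:310): avc:  denied  { name_connect } for  pid=4400 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket'

# Real use:
#   ausearch -m avc -ts today --raw | avc_summary
#   ausearch -m avc -ts today | audit2why        # explains each denial (labeling, boolean, missing rule)
```

Read the summary the way audit2why does: a denial on a file whose label looks wrong is a labeling problem (restorecon); a denial that a boolean covers is a policy switch (`getsebool -a | grep httpd`); a denial that is neither, like the leaked eventpoll descriptor here, is silenced with a dontaudit module (`ausearch -m avc -c sendmail --raw | audit2allow -D -M localsendmail; semodule -i localsendmail.pp`) rather than an allow rule. On the Fedora desktop the same tally run over a day tells you whether you have one repeating, explicable denial or a process that suddenly started being refused access to things outside its normal type, which is the only pattern in these logs that deserves the word intrusion.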
Aug 9, 2011
I'm about to create a CSR and was reading this page in the Ubuntu docs: [URL]. A couple of things:
* There's no date on the article. The documentation needs DATES because this information gets out of date! Check the MySQL docs, for instance; they are organized by version.
* The instructions for generating a cert only specify 2048 bits. I believe that's kind of out of date? The VeriSign site has big red warnings saying you need 2048 if you want your cert to last past 2013, and that article is 4 years old!
* The instructions are confusing when discussing the passphrase. We enter a passphrase only to remove it immediately. We need some clarity here. Why do this?
How do I understand the current best practices for generating an HTTPS cert for Apache and/or mail access?
View 6 Replies
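An added example, not from the Ubuntu doc or the post, that generates a key and CSR the way a practitioner would today and checks the result. Two points it settles: 2048-bit RSA is the minimum public CAs accept, not an outdated figure, so the doc and the VeriSign warning agree (3072 or 4096 bits, or an EC key, are the stronger options); and Apache has to read the key at boot without a prompt, which is why the doc adds a passphrase only to strip it again. `-nodes` skips that detour and the key is protected by ownership and mode 0600 instead. The subject fields and host names are placeholders; `-addext` needs OpenSSL 1.1.1 or newer.

```sh
#!/bin/sh
# Added example (not from the doc or the post): 2048-bit key plus CSR for Apache.

# make_csr FQDN [DIR] [ALT_FQDN]
#   Writes DIR/FQDN.key (never passphrase-protected, mode 0600) and DIR/FQDN.csr with a
#   subjectAltName, since browsers ignore the CN and match the host against the SAN.
#   Then verifies the CSR's own signature. Non-zero exit if any step fails.
make_csr() {
    fqdn="$1"; dir="${2:-.}"; alt="${3:-$1}"
    ( umask 077 && openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -keyout "$dir/$fqdn.key" -out "$dir/$fqdn.csr" \
          -subj "/C=US/ST=State/L=City/O=Example Org/CN=$fqdn" \
          -addext "subjectAltName=DNS:$fqdn,DNS:$alt" 2>/dev/null ) || return 1
    openssl req -in "$dir/$fqdn.csr" -noout -verify >/dev/null 2>&1
}

# key_bits KEYFILE -> RSA modulus size, e.g. 2048
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null \
        | sed -n 's/^.*Private-Key: (\([0-9]*\) bit.*$/\1/p'
}

# csr_cn CSRFILE -> the CN from the CSR subject
csr_cn() {
    openssl req -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

# csr_san CSRFILE -> the subjectAltName line, e.g. "DNS:www.example.com, DNS:example.com"
csr_san() {
    openssl req -in "$1" -noout -text | grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Typical use; the .csr goes to the CA, the .key stays in /etc/ssl/private owned by root:
#   make_csr www.example.com /etc/ssl/private example.com
#   key_bits /etc/ssl/private/www.example.com.key
#   csr_cn   /etc/ssl/private/www.example.com.csr
#   csr_san  /etc/ssl/private/www.example.com.csr
```

The same key and CSR serve a mail server (Postfix, Dovecot, Courier) as long as the SAN lists the name clients connect to. If the key must ever be encrypted at rest, the trade is a prompt at every Apache start (SSLPassPhraseDialog), which is the situation the doc's add-then-remove dance avoids.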
Dec 1, 2010
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers. I'm told that the IT security team deemed sendmail too vulnerable, so we don't run it. Aside from the FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail, or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. A secondary goal would be to have the ability to use mailx to send mail out. There is no need/desire to receive mail from outside.
View 1 Replies
May 11, 2010
I installed Lucid Lynx a week ago and I have a problem with the notifications. The notifications that appear on the screen stay for a long time, about 10 seconds. How do I control these notifications so that I can reduce the time?
View 1 Replies