store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Tue Oct 21, 2014 6:15 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: OSSEC 2.0.0-0.090205 test build
Unread postPosted: Thu Feb 05, 2009 7:04 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7935
Location: earth
This includes a number of new features, including agentless monitoring, C type regular expression engine, and fixes to the mysql back end management system. Test builds are not supported, but we do appreciate the bug reports. Standard disclaimers apply - do not run on production systems, etc.

This announcement is primarily focused at people using mysql to store events, and have been experiencing unstable ossec-dbd processes. These will manifest as PSMON restart events.

Upgrading to 2.0.0-0.090205 can be accomplished with:

Step 1) Upgrade packages
yum --enablerepo=asl-2.0-testing upgrade ossec-hids


Step 2) Update the configuration
asl -m ossec_check.sh -f

Step 3) (Optional) Confirm that firewall rules allow mysql connections over 3306 from localhost
iptables -I INPUT -s localhost -d localhost -p 3306 -j ACCEPT


Top
 Profile  
 
 Post subject:
Unread postPosted: Fri Feb 06, 2009 10:19 am 
Offline
Forum Regular
Forum Regular

Joined: Tue Jan 15, 2008 3:57 am
Posts: 478
Location: Netherlands
Thx! Scott hope this will be in release soon! :)


Top
 Profile  
 
 Post subject:
Unread postPosted: Fri Feb 06, 2009 10:27 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7935
Location: earth
A followup here, the 2 conditions to verify are related to what happens when mysql is restarted:

1) ossec-dbd not dying

2) events continue to be collected in mysql after the restart


Top
 Profile  
 
 Post subject:
Unread postPosted: Fri Feb 06, 2009 12:58 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 645
This appears to have worked, although I have seen a couple of restarts overnight after the latest version is updated. If I find anything worth reporting I will relay the info


Top
 Profile  
 
 Post subject:
Unread postPosted: Fri Feb 06, 2009 2:51 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7935
Location: earth
Think you could check the logs (or just send them to me) for when/what happened?


Top
 Profile  
 
 Post subject:
Unread postPosted: Fri Feb 06, 2009 5:34 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 645
do you want info only on ossec-dbd ?


Top
 Profile  
 
 Post subject:
Unread postPosted: Fri Feb 06, 2009 5:50 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7935
Location: earth
yeah just that for now, although if you run into any other issues we can pass them on to the OSSEC team. I know they're really interested in the agentless monitoring stuff


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group