Questions tagged [ossec]

OSSEC is an open source host based intrusion detection system. Use this tag for questions related to using OSSEC on Ubuntu.

OSSEC is an open source host based intrusion detection system. Although it is not currently distributed via the Ubuntu archive, it is very popular and available for download from the project's download page.

10 questions

How to respond to sshd brute force attacks

I recently received a notification from OSSEC HIDS that warns me about an SSHD brute force attack. Below I report the whole message for the sake of completeness: OSSEC HIDS Notification. 2020 Mar 03 12:00:17 Received From:…
Asarluhi

OSSEC HIDS reports "Interface entered in promiscuous(sniffing) mode"

I have installed the latest version of OSSEC HIDS (2.8.1), and now I keep getting these email notifications from it: OSSEC HIDS Notification. 2015 Apr 08 11:26:17 Received From: Bath-Towel->/var/log/syslog Rule: 5104 fired (level 8) -> "Interface…
user364819

Trojaned version of file "egrep" detected by OSSEC HIDS

I have installed the latest stable version of OSSEC (2.8.1), and I have also enabled email notifications and today I got this alert through email: OSSEC HIDS Notification. 2015 Apr 03 17:40:26 Received From: Bath-Towel->rootcheck Rule: 510 fired…
user364819

Installing OSSEC on Ubuntu

After reading DigitalOcean's documentation on OSSEC, I decided to install OSSEC on an Ubuntu server 16.04: it is open source and has a good reputation. The above documentation is a bit outdated, though, three years old, so I wonder if it is…
Asarluhi

How to stop OSSEC HIDS sending me level 2 alerts?

I have OSSEC HIDS (2.8.3) installed (I have it set up as a local installation) and set up so that it sends me email alerts for the various alert levels. The only problem is with level 2 alerts, which are normally nothing of importance and just spam my…
user364819

/usr/bin/svnadd legit or malicious?

I installed OSSEC, and the following file failed a rootkit check. I'm not sure if it's malicious or what it's doing. Any help would be greatly appreciated! The file is a bash file: /usr/bin/svnadd Below are its contents: #!/bin/sh svn status | perl…

OSSEC HIDS alert: Rule: 1003 fired (level 13) -> "Non standard syslog message (size too large)."

I am running the latest stable version of OSSEC HIDS (2.8.1), and I recently received an email notification (as I have enabled them) saying this: OSSEC HIDS Notification. 2015 Apr 20 11:23:04 Received From: Bath-Towel->/var/log/syslog Rule: 1003…
user364819

OSSEC user accounts disabled

I have recently installed OSSEC (2.8.1), and during the installation I noticed that it created some extra user accounts. But when viewing those user accounts in my System Settings > User Accounts settings I noticed that all of those accounts created…
user364819

fresh newly rented server, spammed with root login attempts

Hello, I've just rented a server at hetzner.de and decided to follow the tutorials at Linode for securing my server! I've just completed setting up OSSEC and then right off the bat I get spammed with mails: OSSEC HIDS Notification. 2016 Apr 04…

OSSEC installation auto-start?

I have just installed the current stable release of OSSEC (2.8.1) for Ubuntu, but at the end of the installation I noticed that it said: - System is Debian (Ubuntu or derivative). - Init script modified to start OSSEC HIDS during boot. -…
user364819