Finding the logs on my server. I generally use lsof to list what is open on my server: lsof | grep log. I check which logs are being read by OSSEC with cat /var/ossec/etc/ossec.conf | grep "<location>/". Add a new access log to OSSEC with /var/ossec/bin/util.sh addfile /var/log/httpd/nic.access_log, or just update “/var/ossec/etc/ossec.conf”. Then add some log lines, or run your server to get some logs: echo "123.231.120.128 ...

Testing log forwarding in OSSEC. The OSSEC client and server are connected using UDP port 1514, so message passing over UDP needs to be tested. To see whether the ossec network connections are there, run # netstat -putan | grep ossec. There must be results on both the server and the client. Here it is on the server; here it is on the client (agent). To check if ossec-server is receiving data on ...

Host-based firewall in Linux. Linux comes with a host-based firewall called Netfilter. 'iptables' is the program that configures the Linux firewall and handles filtering for IPv4; ip6tables is its IPv6 counterpart. This post lists the simplest iptables solutions a new Linux user needs to secure his or her Linux operating system from intruders. Displaying the status of your firewall: iptables -L -n -v (-L: list rules, -v ...

Adding an OSSEC client to an OSSEC server. For this you will need two machines, one for the OSSEC server and the other for the OSSEC client. The post mainly covers two components: the OSSEC server and the OSSEC agent (client). 1. Install the server (the steps are explained in the previous article) and in the same way install the OSSEC agent on the other machine. 2. On the server, add a new agent with # /var/ossec/bin/manage_agents (enter your client IP ...

Creating correlation rules and alarms in AlienVault. The goal of a correlation analysis is to see whether two measurement variables co-vary, and to quantify the strength of the relationship between the variables. Correlation is important for making sense of all the information in the system. Correlation comes to the rescue by increasing the evidence for an event, its business impact, and whether the event is a false positive. ...

Advanced tutorial on OSSIM directives. Following events in OSSIM: if there is a flow like the above on the server, we need a trigger (alert) in our OSSIM. The user makes a ‘QUIT’ event with a following ‘DATA’ event: <directive id="500002" name="Exceeding the email count" priority="4"> <rule type="detector" name="Exceeding the mail count" from="ANY" to="ANY" port_from="ANY" port_to="ANY" reliability="1" occurrence="1" plugin_id="9002" plugin_sid="4"> <rules> <rule type="detector" name="Test" from="ANY" to="ANY" port_from="ANY" port_to="ANY" reliab

OSSIM correlation. Correlation is a process performed by the correlation engine in OSSIM. The correlation engine reads all the directives on startup in order to match individual rules or events. OSSIM’s directives are defined using XML 1.0. Rules are built as a logical tree consisting of 'if' and 'or' statements, joined together to provide a reliable means of identifying attacks or network misbehavior. A ...

Making an OSSIM alarm from an event. In this post we are going to generate an alarm from OSSIM when a custom event (an attack or other event of interest) occurs in our system. I will be using the custom plugin that we built. 1. Go to the “Data source” configuration -> threat_intelligence -> data_source. 2. Then pick our custom data source (hello) which we created. (How to create an OSSIM custom data source) 3. ...

Reading a custom log file from OSSIM. Let's write an OSSIM plugin that reads the hello log (my custom log file for this post). For this post I will call my plugin ‘hello’ and it reads a log file called ‘hello.log’. Creating the plugin configuration file, hello.cfg: the CFG file contains sections called 'DEFAULT', 'config', 'translation' and 'rules'. Plugins can be found in the location below. We have ...

OSSIM components. This post explains the steps to enable both the OSSEC and SSH plugins in OSSIM. First we enable the plugins. 1. Update the OSSIM configuration variables at /etc/ossim/ossim_setup.conf: add ossec and ssh to ‘detectors’. 2. Now that the config is updated, run ossim-reconfig with ossim-reconfig -c -v -d. 2.1 The SSH and OSSEC plugin config can be found in ...

module.exports vs exports. module.exports is the object that's actually returned as the result of a require call. Modules use exports to make things available; the exports variable is initially set to that same object. You can create a Node.js application and include the code below in package.json: { "name": "tutorial", "version": "1.0.0", "scripts": { "start": "node server.js" } } Then create two js files, hello.js and server.js ...

Adding an agent for OSSIM from OSSEC. You need to install OSSEC and OSSIM in your network. First we extract the key from OSSIM: 1. Go to the OSSIM web UI and navigate to 'environment' => 'detection'. 2. Click on 'Agents'. 3. Pick the agent and click on the key icon for 'Extract Key'. Add the agent for OSSEC: 1. With the command below we can list the agents: /var/ossec/bin/manage_agents -l. 2. Open “manage agents” with /var/ossec/bin/manage_agents; it ...

OSSEC service for CentOS 7. OSSEC can be called a log-based intrusion detection system (LIDS). You will need nano / vim and wget installed in CentOS. You can use the commands below to install them: yum install wget; yum install nano. 1. Let’s download OSSEC: wget -U ossec http://www.ossec.net/files/ossec-hids-2.8.2.tar.gz 2. Unpack it: tar xf ossec-hids-2.8.2.tar.gz 3. Open host-deny.sh: vim active-response/host-deny.sh 4. Remove the spaces in the location below, e.g. TMP_FILE = ...

This post contains some tips on using the setTimeout() and setInterval() functions in a nested manner and using JavaScript references in them. setTimeout() is used to call a function after a period of time. setInterval() is used to call a function repeatedly on a timed loop. There is a function x(){} which needs to be called after 30 seconds: setTimeout(x, 30000); (pass the function reference, not the result of calling it). Now I need to call ...

This post shows how to enable CORS in Node. CORS (cross-origin resource sharing) governs cross-domain requests. Simply using the line of code below at the application response level will solve the CORS issue: res.header("Access-Control-Allow-Origin", "*"); The lines below enable CORS for all the routes on that server: app.use(function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); next(); }); You can add this for resource files ...

Here we will try to manage sessions in a Node application. These are the dependencies used in this sample: "dependencies": { "express": "^4.8.7", "express-session": "^1.7.6" } The express-session module needs express, so you have to add express to your project as well. var express = require('express'); var session = require('express-session'); var app = express(); A session can be initialized with the code below. Here ...

dhis2-android-dashboard: build from source. DHIS 2 [1] is a health management information system, and DHIS Mobile covers the wide area of mobile development related to DHIS2, with a focus on a wide portfolio of solutions for utilizing mobile technology. Let's build dhis2-android-dashboard from source [2]. 1. Git clone the source [2]. (You can use the ‘legacy’ branch for the build for now; it does not break.) 2. Get the SDK ...

I needed to rename some files in a directory after processing some regexes on their file names and file types. I was looking for a terminal / cmd command for this, but I just wrote a Python script in a few minutes (2 mins) and it works. It makes my life easy with my PC. In the directory there is a huge number of files with ...

Installing Node.js on CentOS. It is fast and quick, just two steps. 1. Get the setup: curl --silent --location https://rpm.nodesource.com/setup_4.x | bash - Note: --location: if the server reports that the requested page has moved to a different location, this option makes curl redo the request at the new place. --silent: makes curl mute (silent mode); don't show the progress meter or error ...

Packaging and distributing Python projects. Requirements. Wheel: a built package that can be installed without the build process: pip install wheel. Twine: a utility for interacting with PyPI: pip install twine. Configuring a project: here are the files that will be needed at root level. setup.py: it contains a global setup() function. The keyword arguments to this function are how specific details of ...
