'Re: [ossec-list] Upgrading to version 3.3.0 from earlier release'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ossec-list
Subject:    Re: [ossec-list] Upgrading to version 3.3.0 from earlier release
From:       "dan (ddp)" <ddpbsd () gmail ! com>
Date:       2019-05-31 11:26:24
Message-ID: CAMyQvMp6YdKOTQ2JyJd7CHBRSdWTwR+tve70qkC2MYnX1k1+ww () mail ! gmail ! com
[Download RAW message or body]

On Tue, May 28, 2019 at 3:59 PM Buddha Man <namobuddhaonion@gmail.com> wrote:
> 
> I have some questions:
> 
> Do changes need to be made to config files to activate or utilize the new \
> rules/decoders related to rootcheck, last root login, active response, PCRE2 reg ex \
> engine, etc  in the new version? 

rootcheck: It doesn't look like all of the audit files are added to
the configuration, so you may have to add them manually.
I'll have to look at the installation templates to see if they're
present on new installs, but there isn't a built-in way to update them
during upgrades.

active-response: I don't think anything changed beyond maybe a script
update. The scripts will be updated, so those changes should be used
by default.

PCRE2: I don't think there is anything using it in 3.3, but you may
have to run contrib/ossec-pcre2-config.pl on the OSSEC server.

> If yes, what are the recommended settings and how should each rule be utilized?
> 
> How are folks using active response be used on endpoints to fend off potential \
> attacks? 
> Thanks,
> 
> --
> 
> ---
> You received this message because you are subscribed to the Google Groups \
> "ossec-list" group. To unsubscribe from this group and stop receiving emails from \
> it, send an email to ossec-list+unsubscribe@googlegroups.com. To view this \
> discussion on the web visit \
> https://groups.google.com/d/msgid/ossec-list/c79b2828-767e-43c5-a290-a0bcba3980a9%40googlegroups.com.
>  For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups \
"ossec-list" group. To unsubscribe from this group and stop receiving emails from it, \
send an email to ossec-list+unsubscribe@googlegroups.com. To view this discussion on \
the web visit https://groups.google.com/d/msgid/ossec-list/CAMyQvMp6YdKOTQ2JyJd7CHBRSdWTwR%2Btve70qkC2MYnX1k1%2Bww%40mail.gmail.com.
 For more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic