[asl-2.0-testing] OSSEC-HIDS 2.0-9

scott · **Posted:** Wed Jun 03, 2009 4:00 pm

Changelog:

Update to snapshot 060309
- This adds in the ability to restart remote agents from the server

To upgrade:

yum --enablerepo=asl-2.0-testing upgrade ossec-hids

aus-city · **Joined:** Thu Oct 26, 2006 11:56 pm **Posts:** 665

Hi Scott,

With this update I am getting these a few an hour. It varies about 2 to 3 per hour:

From: "psmon@xxx" <psmon@xxx>
To: "xxx" <xxx>
Subject: [psmon/xxx] Spawned 'ossec-syscheckd' with '/sbin/service ossec-hids restart'
Headers: Show All Headers
Command executed: /sbin/service ossec-hids restart
Exit value: 0
Signal number: 0
Dumped core?: 0

Shutting down ossec-hids: [ OK ]
Starting ossec-hids: [ OK ]

Any idea's?

It's also happening on two servers and my test server also.

PS - have you seen damn Trend Micro purchased the company that writes ossec? It's on the ossec page. Guess we might see it go away from free

scott · **Posted:** Fri Jun 05, 2009 7:30 am

the trend micro acquisition shouldnt have any effect on OSSEC. It is still a GPL'd project, and Dan Cid has repeated said hes committed to that. In reality the worst that could happen is that trend micro could run off with the trademark "ossec" and the project would have to change the name. Similar to what happened to OSSIM.

In reference to syscheckd, disable it from monitoring. It runs on demand now.

aus-city · **Joined:** Thu Oct 26, 2006 11:56 pm **Posts:** 665

Thanks Scott for the update about Trend and it will continue under GPL

How do I disable ossec from psmon?

Thanks!

scott · **Posted:** Fri Jun 05, 2009 8:20 am

in a word.... vim

aus-city · **Joined:** Thu Oct 26, 2006 11:56 pm **Posts:** 665

As soon as I run asl -s -f the /etc/psmon.conf gets overwritten once again checking syscheckd for ossec

But I edited /var/asl/data/services and removed ossec-hids

asl -s -f and its now ok its dropped ossec-hids

Is that the fix?

[asl-2.0-testing] OSSEC-HIDS 2.0-9

Who is online