Day after day, I’m getting happier with the OSSEC HIDS.
I started a new virtualhost configuration in my Apache server to listen on multiple ports, 8001 in this case. Let’s check out the e-mail message OSSEC sent me. It shows the status of the listening ports before and after.
OSSEC HIDS Notification.
2014 Mar 13 13:02:13

Received From: srvcob->netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort
Rule: 533 fired (level 7) -> "Listened ports status (netstat) changed (new port opened or closed)."
Portion of the log(s):

ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort':
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:38873 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5672 0.0.0.0:* LISTEN
tcp 0 0 :::111 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::41383 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
tcp 0 0 :::8001 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
Previous output:
ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort':
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:38873 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5672 0.0.0.0:* LISTEN
tcp 0 0 :::111 :::* LISTEN