Rodolfo Bandeira

Rodolfo Bandeira

software, electronics, security, devops, thoughts

OSSEC notifications and Listen ports

Day after day, I’m getting happier with The OSSEC HIDS.

I started a new virtualhost configuration in my Apache Server to listen in multiple ports. 8001 in this case. Let’s check out what e-mail message OSSEC sent to me. It shows the listen status ports before and after.

OSSEC HIDS Notification.
2014 Mar 13 13:02:13

Received From: srvcob->netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort
Rule: 533 fired (level 7) -> "Listened ports status (netstat) changed (new port opened or closed)."
Portion of the log(s):

ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort':
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:38873               0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      
tcp        0      0 :::111                      :::*                        LISTEN      
tcp        0      0 :::22                       :::*                        LISTEN      
tcp        0      0 :::41383                    :::*                        LISTEN      
tcp        0      0 :::443                      :::*                        LISTEN      
tcp        0      0 :::8001                     :::*                        LISTEN      
tcp        0      0 :::80                       :::*                        LISTEN      
Previous output:
ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort':
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:38873               0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:5672                0.0.0.0:*                   LISTEN      
tcp        0      0 :::111                      :::*                        LISTEN

Last modified:

LinkedIn
WhatsApp