Search found 6203 matches
- Tue Mar 22, 2022 3:17 pm
- Forum: OSSEC
- Topic: Duplicate counter error after upgrading to 3.6.0
- Replies: 10
- Views: 62499
Re: Duplicate counter error after upgrading to 3.6.0
That also happens if a key is pinned to an IP address, or if you've got NAT involved and multiple agents are coming from the same source IP
- Wed Sep 22, 2021 10:14 am
- Forum: OSSEC
- Topic: Install problem
- Replies: 4
- Views: 50397
Re: Install problem
That means you're missing the PCRE2 dependency, this part right here:
" fatal error: pcre2.h: no such file or directory"
- Wed Sep 22, 2021 10:13 am
- Forum: OSSEC
- Topic: Newbie installing OSSEC appliance on ESXi
- Replies: 3
- Views: 47437
Re: Newbie installing OSSEC appliance on ESXi
I believe the appliance was set up for virtualbox, so you might want to give that a try instead
- Mon Sep 13, 2021 9:30 am
- Forum: OSSEC
- Topic: agent disconnect
- Replies: 7
- Views: 62059
Re: agent disconnect
Is there anything in /var/log/messages on the agent about what happened when it stopped running?
- Fri Sep 03, 2021 4:42 pm
- Forum: OSSEC
- Topic: agent disconnect
- Replies: 7
- Views: 62059
Re: agent disconnect
Is remoted running?
- Sun Aug 15, 2021 4:55 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Support for Ubuntu 20.04
- Replies: 5
- Views: 31301
Re: Support for Ubuntu 20.04
Yeah that is confusing huh, so there are 2 projects:
mod_security (2.9.3) - This is for apache
libmodsecurity (3.0.4) - this is for nginx
libmodsecurity is a re-write of mod_security in C++, so it doesn't support all of the same things that mod_security does yet
- Fri Jul 30, 2021 10:07 am
- Forum: OSSEC
- Topic: Detecting copy or clone of Hard Disk. What log what alert?
- Replies: 1
- Views: 14622
Re: Detecting copy or clone of Hard Disk. What log what alert?
Unfortunately there is nothing that could detect that from a powered down system like that
- Thu Jul 08, 2021 9:12 am
- Forum: OSSEC
- Topic: How to configure ossec.conf in windows agent for directory/file monitoring
- Replies: 5
- Views: 16572
Re: How to configure ossec.conf in windows agent for directory/file monitoring
Yeah, works just fine on Windows, will detect and report changes in real time on windows for files and registries
- Thu Jul 01, 2021 9:24 am
- Forum: OSSEC
- Topic: rules error
- Replies: 2
- Views: 13705
Re: rules error
Yeah that was an ordering thing all right, glad you got it sussed out!
- Thu Jul 01, 2021 9:23 am
- Forum: OSSEC
- Topic: Installation Start issue Fedora 3.6.0-19869.fc34.art
- Replies: 6
- Views: 19890
Re: Installation Start issue Fedora 3.6.0-19869.fc34.art
It might be less work to use the OUM setup on centos/rocky with the rules.d/decoders.d system for the server
- Wed Jun 30, 2021 2:20 pm
- Forum: OSSEC
- Topic: How to run ossec win32ui in powershell
- Replies: 2
- Views: 46556
Re: How to run ossec win32ui in powershell
Are you trying to use that to edit ossec.conf? You could do that in powershell directly if you wanted to
- Tue Jun 29, 2021 9:08 am
- Forum: OSSEC
- Topic: Windows repo now available
- Replies: 3
- Views: 55734
Re: Windows repo now available
The latest windows builds are all available at that url
- Tue Jun 29, 2021 9:07 am
- Forum: OSSEC
- Topic: Installation Start issue Fedora 3.6.0-19869.fc34.art
- Replies: 6
- Views: 19890
Re: Installation Start issue Fedora 3.6.0-19869.fc34.art
OK so you're using the legacy setup, you need to declare each ruleset manually in the config with the <include> statement. Likely you're just missing the declaration for whatever ruleset contains that group.
- Mon Jun 28, 2021 3:06 pm
- Forum: OSSEC
- Topic: Installation Start issue Fedora 3.6.0-19869.fc34.art
- Replies: 6
- Views: 19890
Re: Installation Start issue Fedora 3.6.0-19869.fc34.art
Are you using the rules.d/decoders.d design from oum, or the classic design?
- Mon Jun 28, 2021 9:03 am
- Forum: OSSEC
- Topic: After installing 3.6.0 it doesn't start due to Could not open file '/var/ossec/ossec-agent/etc/internal_options.conf'
- Replies: 4
- Views: 17214
Re: After installing 3.6.0 it doesn't start due to Could not open file '/var/ossec/ossec-agent/etc/internal_options.conf
Did you pick "hybrid" by some chance? Or did you have a hybrid install before? This part here: 2021/06/28 10:40:08 ossec-analysisd(1103): ERROR: Could not open file '/var/ossec/ossec-agent/etc/internal_options.conf' due to [(2)-(No such file or directory)]. See how it says /var/ossec/ossec...