I have emailed you for more details. Thank you!seni_77589 wrote: ↑Tue Mar 12, 2024 7:09 pm Hi,
For some reason I seem to have the same issue. Can you please help me?
Thank you.
Regards,
Seni
Search found 61 matches
Re: ossec+
- Wed Mar 06, 2024 1:33 pm
- Forum: Help with other free stuff
- Topic: Atomic archive configuration script bug on debian
- Replies: 2
- Views: 2209
Re: Atomic archive configuration script bug on debian
We have opened an issue report with the developers. Thank you for reaching out!
- Tue Nov 14, 2023 9:52 am
- Forum: OSSEC
- Topic: Centos9/RHEL9 Repo
- Replies: 3
- Views: 46997
Re: Centos9/RHEL9 Repo
What are you trying to install? Modsec, ASL, or OSSEC?
- Mon Mar 27, 2023 9:28 am
- Forum: General Help and Development Discussion
- Topic: CVSSv3 Support?
- Replies: 1
- Views: 43087
Re: CVSSv3 Support?
Atomic Ossec uses cvss3. We favor 3 over 2 in the aggregations. if there's a cvss3 score in the event, we use it
- Mon Dec 05, 2022 3:45 pm
- Forum: OSSEC
- Topic: How to setup Ossec with Ubuntu server at AWS and local windows clients
- Replies: 1
- Views: 37982
Re: How to setup Ossec with Ubuntu server at AWS and local windows clients
For your first question, it is best not to tie an IP to an agent key and OSSEC will not default to that option. The server is never going to see the LAN IP at all and some of yours are dynamic. For your second question, most of the ossec rules with regards to breeches will be labeled as a level 7 ru...
- Fri Nov 04, 2022 9:35 am
- Forum: OSSEC
- Topic: Agents Disconnecting- Error Waiting Mutex (Timeout).
- Replies: 2
- Views: 38340
Re: Agents Disconnecting- Error Waiting Mutex (Timeout).
It could mean that the OS is restricting processes through systemd, or possibly selinux. Or maybe 2 instances of the agent are running at the same time?
A good place to start would be to stop the agent, and see if any processes are still running.
A good place to start would be to stop the agent, and see if any processes are still running.
- Tue Sep 27, 2022 3:25 pm
- Forum: OSSEC
- Topic: analysisd /logs/archive/2022 No such file or directory
- Replies: 1
- Views: 38014
Re: analysisd /logs/archive/2022 No such file or directory
Stop the ossec-hids process and then rm the pid file and restart the service. See if that kicks it into gear.
- Tue Sep 13, 2022 9:15 am
- Forum: OSSEC
- Topic: Rule 553 (syscheck file deletion) is not triggering
- Replies: 1
- Views: 38244
Re: Rule 553 (syscheck file deletion) is not triggering
Hello!
Please see this doc for agentless configuration https://docs.atomicorp.com/AEO/agentles ... =agentless
You will probably want to change the conf for <state>periodic</state> to <state>periodic_diff</state>
Please see this doc for agentless configuration https://docs.atomicorp.com/AEO/agentles ... =agentless
You will probably want to change the conf for <state>periodic</state> to <state>periodic_diff</state>
- Fri Aug 12, 2022 8:57 am
- Forum: Help with other free stuff
- Topic: OSSEC Server - no add agent button
- Replies: 1
- Views: 44660
Re: OSSEC Server - no add agent button
Hi John,
You have a Ubuntu HUB with a UI so I am assuming you are using Atomic OSSEC enterprise version. If that is the case, you can go to Asset Management > Add agent. From here you can either use the instructions to add an agent manually, or you can use automated agent installation
You have a Ubuntu HUB with a UI so I am assuming you are using Atomic OSSEC enterprise version. If that is the case, you can go to Asset Management > Add agent. From here you can either use the instructions to add an agent manually, or you can use automated agent installation
- Mon Aug 01, 2022 8:13 am
- Forum: OSSEC
- Topic: ossec agent error for directories C:\Windows\system32\drivers\testPTS
- Replies: 1
- Views: 38533
Re: ossec agent error for directories C:\Windows\system32\drivers\testPTS
Error opening directory: 'C:\windows\system32\drivers\testPTS: No such file or directory
This is saying the testPTS directory does not exist. It could also be that ossec does not have permissions to it.
This is saying the testPTS directory does not exist. It could also be that ossec does not have permissions to it.
- Fri Jul 08, 2022 11:01 am
- Forum: OSSEC
- Topic: Centos9/RHEL9 Repo
- Replies: 3
- Views: 46997
Re: Centos9/RHEL9 Repo
We are not working on CentOS/RHeL 9 repos at this time, but it is in the works later this year
- Wed Jul 06, 2022 8:03 am
- Forum: Atomic OSSEC
- Topic: Matching certain rule crashes the system
- Replies: 5
- Views: 62910
Re: Matching certain rule crashes the system
Have you taken a look into the active response log if that is enabled? /var/ossec/logs/active-responses.log
- Tue Jun 14, 2022 8:27 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Atomicorp down?
- Replies: 3
- Views: 59117
Re: Atomicorp down?
Hi Jonas,
Yes the update server was unreachable for a time. It has been corrected. We apologize for the trouble!
Yes the update server was unreachable for a time. It has been corrected. We apologize for the trouble!
- Wed Jun 08, 2022 8:52 am
- Forum: OSSEC
- Topic: ossec 3.7.0-24343/oum 0.5-24317 - OFE-Compliance error - gdpr/nist/hipaa/pcidss rules not found
- Replies: 2
- Views: 117433
Re: ossec 3.7.0-24343/oum 0.5-24317 - OFE-Compliance error - gdpr/nist/hipaa/pcidss rules not found
Good morning,
That error is benign. The gdpr/nist/hippa/pcidss rules are not included in the community ruleset. You might consider upgrading if those are rules that you need for yourself. Atomic Protector would work if you only have one system:
https://atomicorp.com/atomic-protector/
That error is benign. The gdpr/nist/hippa/pcidss rules are not included in the community ruleset. You might consider upgrading if those are rules that you need for yourself. Atomic Protector would work if you only have one system:
https://atomicorp.com/atomic-protector/
- Wed Apr 27, 2022 8:55 am
- Forum: OSSEC
- Topic: How to analyze/monitoring OSSEC on Ubuntu
- Replies: 1
- Views: 41083
Re: How to analyze/monitoring OSSEC on Ubuntu
If you are looking for a dashboard option, you can use Atomic OSSEC: https://atomicorp.com/atomic-enterprise-ossec/ Or, you can setup and install elastic with OSSEC. https://www.ossec.net/docs/cookbooks/recipes/elasticstack.html Also, if you are looking for more options for output, please see: https...