Search found 63 matches
- Wed Jan 29, 2025 2:02 pm
- Forum: OSSEC
- Topic: Ossec on AL2023 not sending email
- Replies: 5
- Views: 13640
Re: Ossec on AL2023 not sending email
Can you please confirm the version of ossec you are on?
- Tue Jan 28, 2025 1:34 pm
- Forum: OSSEC
- Topic: Ossec on AL2023 not sending email
- Replies: 5
- Views: 13640
Re: Ossec on AL2023 not sending email
1. Verify OSSEC Email Alert Configuration Check the email-related settings in the ossec.conf file, typically located at /var/ossec/etc/ossec.conf. Look for the following tags: <global> <email_notification>yes</email_notification> <email_to>your-email@example.com</email_to> <email_from>ossec@example....
Re: ossec+
I have emailed you for more details. Thank you!seni_77589 wrote: ↑Tue Mar 12, 2024 7:09 pm Hi,
For some reason I seem to have the same issue. Can you please help me?
Thank you.
Regards,
Seni
- Wed Mar 06, 2024 1:33 pm
- Forum: Help with other free stuff
- Topic: Atomic archive configuration script bug on debian
- Replies: 2
- Views: 21115
Re: Atomic archive configuration script bug on debian
We have opened an issue report with the developers. Thank you for reaching out!
- Tue Nov 14, 2023 9:52 am
- Forum: OSSEC
- Topic: Centos9/RHEL9 Repo
- Replies: 3
- Views: 67904
Re: Centos9/RHEL9 Repo
What are you trying to install? Modsec, ASL, or OSSEC?
- Mon Mar 27, 2023 9:28 am
- Forum: General Help and Development Discussion
- Topic: CVSSv3 Support?
- Replies: 1
- Views: 72433
Re: CVSSv3 Support?
Atomic Ossec uses cvss3. We favor 3 over 2 in the aggregations. if there's a cvss3 score in the event, we use it
- Mon Dec 05, 2022 3:45 pm
- Forum: OSSEC
- Topic: How to setup Ossec with Ubuntu server at AWS and local windows clients
- Replies: 1
- Views: 57383
Re: How to setup Ossec with Ubuntu server at AWS and local windows clients
For your first question, it is best not to tie an IP to an agent key and OSSEC will not default to that option. The server is never going to see the LAN IP at all and some of yours are dynamic. For your second question, most of the ossec rules with regards to breeches will be labeled as a level 7 ru...
- Fri Nov 04, 2022 9:35 am
- Forum: OSSEC
- Topic: Agents Disconnecting- Error Waiting Mutex (Timeout).
- Replies: 2
- Views: 56709
Re: Agents Disconnecting- Error Waiting Mutex (Timeout).
It could mean that the OS is restricting processes through systemd, or possibly selinux. Or maybe 2 instances of the agent are running at the same time?
A good place to start would be to stop the agent, and see if any processes are still running.
A good place to start would be to stop the agent, and see if any processes are still running.
- Tue Sep 27, 2022 3:25 pm
- Forum: OSSEC
- Topic: analysisd /logs/archive/2022 No such file or directory
- Replies: 1
- Views: 56121
Re: analysisd /logs/archive/2022 No such file or directory
Stop the ossec-hids process and then rm the pid file and restart the service. See if that kicks it into gear.
- Tue Sep 13, 2022 9:15 am
- Forum: OSSEC
- Topic: Rule 553 (syscheck file deletion) is not triggering
- Replies: 1
- Views: 57637
Re: Rule 553 (syscheck file deletion) is not triggering
Hello!
Please see this doc for agentless configuration https://docs.atomicorp.com/AEO/agentles ... =agentless
You will probably want to change the conf for <state>periodic</state> to <state>periodic_diff</state>
Please see this doc for agentless configuration https://docs.atomicorp.com/AEO/agentles ... =agentless
You will probably want to change the conf for <state>periodic</state> to <state>periodic_diff</state>
- Fri Aug 12, 2022 8:57 am
- Forum: Help with other free stuff
- Topic: OSSEC Server - no add agent button
- Replies: 1
- Views: 63335
Re: OSSEC Server - no add agent button
Hi John,
You have a Ubuntu HUB with a UI so I am assuming you are using Atomic OSSEC enterprise version. If that is the case, you can go to Asset Management > Add agent. From here you can either use the instructions to add an agent manually, or you can use automated agent installation
You have a Ubuntu HUB with a UI so I am assuming you are using Atomic OSSEC enterprise version. If that is the case, you can go to Asset Management > Add agent. From here you can either use the instructions to add an agent manually, or you can use automated agent installation
- Mon Aug 01, 2022 8:13 am
- Forum: OSSEC
- Topic: ossec agent error for directories C:\Windows\system32\drivers\testPTS
- Replies: 1
- Views: 55952
Re: ossec agent error for directories C:\Windows\system32\drivers\testPTS
Error opening directory: 'C:\windows\system32\drivers\testPTS: No such file or directory
This is saying the testPTS directory does not exist. It could also be that ossec does not have permissions to it.
This is saying the testPTS directory does not exist. It could also be that ossec does not have permissions to it.
- Fri Jul 08, 2022 11:01 am
- Forum: OSSEC
- Topic: Centos9/RHEL9 Repo
- Replies: 3
- Views: 67904
Re: Centos9/RHEL9 Repo
We are not working on CentOS/RHeL 9 repos at this time, but it is in the works later this year
- Wed Jul 06, 2022 8:03 am
- Forum: Atomic OSSEC
- Topic: Matching certain rule crashes the system
- Replies: 5
- Views: 180510
Re: Matching certain rule crashes the system
Have you taken a look into the active response log if that is enabled? /var/ossec/logs/active-responses.log
- Tue Jun 14, 2022 8:27 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Atomicorp down?
- Replies: 3
- Views: 148010
Re: Atomicorp down?
Hi Jonas,
Yes the update server was unreachable for a time. It has been corrected. We apologize for the trouble!
Yes the update server was unreachable for a time. It has been corrected. We apologize for the trouble!