Search found 61 matches

by cponton
Thu Mar 14, 2024 2:52 pm
Forum: OSSEC
Topic: ossec+
Replies: 5
Views: 7184

Re: ossec+

seni_77589 wrote: Tue Mar 12, 2024 7:09 pm
Hi,

For some reason I seem to have the same issue. Can you please help me?

Thank you.
Regards,
Seni

I have emailed you for more details. Thank you!
by cponton
Wed Mar 06, 2024 1:33 pm
Forum: Help with other free stuff
Topic: Atomic archive configuration script bug on debian
Replies: 2
Views: 56

Re: Atomic archive configuration script bug on debian

We have opened an issue report with the developers. Thank you for reaching out!
by cponton
Tue Nov 14, 2023 9:52 am
Forum: OSSEC
Topic: Centos9/RHEL9 Repo
Replies: 3
Views: 11280

Re: Centos9/RHEL9 Repo

What are you trying to install? Modsec, ASL, or OSSEC?
by cponton
Mon Mar 27, 2023 9:28 am
Forum: General Help and Development Discussion
Topic: CVSSv3 Support?
Replies: 1
Views: 10300

Re: CVSSv3 Support?

Atomic OSSEC uses CVSS3. We favor 3 over 2 in the aggregations. If there's a CVSS3 score in the event, we use it.
by cponton
Mon Dec 05, 2022 3:45 pm
Forum: OSSEC
Topic: How to setup Ossec with Ubuntu server at AWS and local windows clients
Replies: 1
Views: 8075

Re: How to setup Ossec with Ubuntu server at AWS and local windows clients

For your first question, it is best not to tie an IP to an agent key and OSSEC will not default to that option. The server is never going to see the LAN IP at all and some of yours are dynamic. For your second question, most of the OSSEC rules with regard to breaches will be labeled as a level 7 ru...
by cponton
Fri Nov 04, 2022 9:35 am
Forum: OSSEC
Topic: Agents Disconnecting- Error Waiting Mutex (Timeout).
Replies: 2
Views: 7950

Re: Agents Disconnecting- Error Waiting Mutex (Timeout).

It could mean that the OS is restricting processes through systemd, or possibly SELinux. Or maybe 2 instances of the agent are running at the same time?

A good place to start would be to stop the agent, and see if any processes are still running.
by cponton
Tue Sep 27, 2022 3:25 pm
Forum: OSSEC
Topic: analysisd /logs/archive/2022 No such file or directory
Replies: 1
Views: 8391

Re: analysisd /logs/archive/2022 No such file or directory

Stop the ossec-hids process and then rm the pid file and restart the service. See if that kicks it into gear.
by cponton
Tue Sep 13, 2022 9:15 am
Forum: OSSEC
Topic: Rule 553 (syscheck file deletion) is not triggering
Replies: 1
Views: 8422

Re: Rule 553 (syscheck file deletion) is not triggering

Hello!

Please see this doc for agentless configuration https://docs.atomicorp.com/AEO/agentles ... =agentless
You will probably want to change the conf for <state>periodic</state> to <state>periodic_diff</state>
by cponton
Fri Aug 12, 2022 8:57 am
Forum: Help with other free stuff
Topic: OSSEC Server - no add agent button
Replies: 1
Views: 11423

Re: OSSEC Server - no add agent button

Hi John,

You have an Ubuntu HUB with a UI so I am assuming you are using Atomic OSSEC enterprise version. If that is the case, you can go to Asset Management > Add agent. From here you can either use the instructions to add an agent manually, or you can use automated agent installation.
by cponton
Mon Aug 01, 2022 8:13 am
Forum: OSSEC
Topic: ossec agent error for directories C:\Windows\system32\drivers\testPTS
Replies: 1
Views: 8282

Re: ossec agent error for directories C:\Windows\system32\drivers\testPTS

Error opening directory: 'C:\windows\system32\drivers\testPTS: No such file or directory

This is saying the testPTS directory does not exist. It could also be that ossec does not have permissions to it.
by cponton
Fri Jul 08, 2022 11:01 am
Forum: OSSEC
Topic: Centos9/RHEL9 Repo
Replies: 3
Views: 11280

Re: Centos9/RHEL9 Repo

We are not working on CentOS/RHEL 9 repos at this time, but it is in the works later this year.
by cponton
Wed Jul 06, 2022 8:03 am
Forum: Atomic OSSEC
Topic: Matching certain rule crashes the system
Replies: 5
Views: 19978

Re: Matching certain rule crashes the system

Have you taken a look into the active response log if that is enabled? /var/ossec/logs/active-responses.log
by cponton
Tue Jun 14, 2022 8:27 am
Forum: Atomicorp Modsecurity Rules Support
Topic: Atomicorp down?
Replies: 3
Views: 18131

Re: Atomicorp down?

Hi Jonas,

Yes, the update server was unreachable for a time. It has been corrected. We apologize for the trouble!
by cponton
Wed Jun 08, 2022 8:52 am
Forum: OSSEC
Topic: ossec 3.7.0-24343/oum 0.5-24317 - OFE-Compliance error - gdpr/nist/hipaa/pcidss rules not found
Replies: 2
Views: 85156

Re: ossec 3.7.0-24343/oum 0.5-24317 - OFE-Compliance error - gdpr/nist/hipaa/pcidss rules not found

Good morning,

That error is benign. The gdpr/nist/hipaa/pcidss rules are not included in the community ruleset. You might consider upgrading if those are rules that you need for yourself. Atomic Protector would work if you only have one system:
https://atomicorp.com/atomic-protector/
by cponton
Wed Apr 27, 2022 8:55 am
Forum: OSSEC
Topic: How to analyze/monitoring OSSEC on Ubuntu
Replies: 1
Views: 9464

Re: How to analyze/monitoring OSSEC on Ubuntu

If you are looking for a dashboard option, you can use Atomic OSSEC: https://atomicorp.com/atomic-enterprise-ossec/ Or, you can set up and install Elastic with OSSEC: https://www.ossec.net/docs/cookbooks/recipes/elasticstack.html Also, if you are looking for more options for output, please see: https...