Search found 1672 matches

by mikeshinn
Mon Sep 20, 2021 2:17 pm
Forum: General Help and Development Discussion
Topic: Help to Install Python on Ubuntu
Replies: 1
Views: 1060

Re: Help to Install Python on Ubuntu

On many distros, the python binary will be named after the version, for example the binary name may be:

python3.9

Instead of python.
by mikeshinn
Mon Aug 16, 2021 9:06 am
Forum: Atomicorp Free Modsecurity Rules
Topic: New rules download page
Replies: 4
Views: 4720

Re: New rules download page

If you're using Apache, and want all of the capabilities of modsecurity, use 2.9.x. 3.x does not have all of the features that 2.9.x does.

If you're using nginx, you'll have to use 3.x; 2.9.x is not very stable with nginx.
by mikeshinn
Mon Aug 16, 2021 9:05 am
Forum: Atomicorp Modsecurity Rules Support
Topic: Support for Ubuntu 20.04
Replies: 5
Views: 4760

Re: Support for Ubuntu 20.04

Yes, aum works on Ubuntu 20.04.

Install aum and it will install modsecurity for you.
by mikeshinn
Thu Jun 10, 2021 10:18 am
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 4268

Re: Ossec Agent stays in Never connected state

How did you provision the key for the agent?
by mikeshinn
Thu Jun 03, 2021 3:28 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 4268

Re: Ossec Agent stays in Never connected state

Should be port 1514, is it trying 1415 on your system?
by mikeshinn
Tue Jun 01, 2021 3:05 pm
Forum: Atomic OSSEC
Topic: OSSEC Agent specific port instead of random port
Replies: 6
Views: 3443

Re: OSSEC Agent specific port instead of random port

Yeah, that's a better option as the OS is what sets the outbound normally.
by mikeshinn
Tue Jun 01, 2021 2:45 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 4268

Re: Ossec Agent stays in Never connected state

2021/05/31 14:06:16 ossec-remoted(2202): ERROR: Error uncompressing string. That means something tried to send a message of one size, and it was actually of another. Was this a device sending messages to the syslog listener on 514, or an agent on 1514, and if the latter, which version and platform?
by mikeshinn
Tue Jun 01, 2021 2:44 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 4268

Re: Ossec Agent stays in Never connected state

So this error means whatever's trying to connect isn't using the right protocol (which could be anything, nmap, telnet, etc.). If that's what you were doing, that's what that means. If not, what agent and version is running on the endpoint, and was this something trying to send events to the hub for sys...
by mikeshinn
Fri May 28, 2021 2:29 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Kernel Status
Replies: 9
Views: 4663

Re: ASL Kernel Status

In ASL/AP v6, we no longer use mysql; that, however, does not deprecate any functionality in ASL/AP.
by mikeshinn
Fri May 28, 2021 2:28 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 4268

Re: Ossec Agent stays in Never connected state

Easiest way is to start remoted from the command line and start it with -d, which puts it into debug mode.
by mikeshinn
Fri May 28, 2021 2:26 pm
Forum: Atomic OSSEC
Topic: OSSEC Agent specific port instead of random port
Replies: 6
Views: 3443

Re: OSSEC Agent specific port instead of random port

When you mean random port, do you mean the port the agent is trying to connect to? That should be 1514 by default. If you mean the port the client computer uses to establish the connection, that's controlled by the operating system. It's going to use a high port that's not in use by another outbound co...
by mikeshinn
Mon May 17, 2021 2:26 pm
Forum: OSSEC
Topic: ERROR: Download failed with ERROR (6)
Replies: 7
Views: 3004

Re: ERROR: Download failed with ERROR (6)

Is this on debian?
by mikeshinn
Mon May 17, 2021 2:25 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Kernel Status
Replies: 9
Views: 4663

Re: ASL Kernel Status

We have a kernel module we will be releasing soon. The key reason we've moved away from a dedicated kernel was PHP. The JIT compiler, while making PHP much faster, needs to violate the memory protection model (so it can work), and every time a control panel updated PHP they overwrote the flags that all...
by mikeshinn
Fri May 14, 2021 12:10 pm
Forum: OSSEC
Topic: json log format
Replies: 1
Views: 1889

Re: json log format

<jsonout_output>yes</jsonout_output> is the new syntax. It belongs in the global settings, for example: <global> <email_notification>yes</email_notification> <email_to>root@localhost</email_to> <smtp_server>127.0.0.1</smtp_server> <helo_server>localhost</helo_server> <email_from>localhost</email_from...