Search found 6197 matches

by scott
Fri Jul 30, 2021 10:07 am
Forum: OSSEC
Topic: Detecting copy or clone of Hard Disk. What log what alert?
Replies: 1
Views: 47

Re: Detecting copy or clone of Hard Disk. What log what alert?

Unfortunately, there is nothing that could detect that from a powered-down system like that.
by scott
Thu Jul 08, 2021 9:12 am
Forum: OSSEC
Topic: How to configure ossec.conf in windows agent for directory/file monitoring
Replies: 5
Views: 368

Re: How to configure ossec.conf in windows agent for directory/file monitoring

Yeah, works just fine on Windows, will detect and report changes in real time on Windows for files and the registry.
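What that looks like in practice, as an added example that is not from the post above: a `<syscheck>` block for the Windows agent's ossec.conf (by default under the agent's install directory, e.g. C:\Program Files (x86)\ossec-agent\ossec.conf). The directory and registry paths are assumptions chosen to illustrate; substitute your own. `realtime="yes"` on a `<directories>` entry is what turns on real-time reporting for that path; `check_all="yes"` hashes contents as well as recording size, permissions and owner.

```xml
<ossec_config>
  <syscheck>
    <!-- Full scan interval in seconds (6 h); realtime entries report between scans -->
    <frequency>21600</frequency>

    <!-- Example paths (assumed): hosts file and a web root, watched in real time -->
    <directories check_all="yes" realtime="yes">C:\Windows\System32\drivers\etc</directories>
    <directories check_all="yes" realtime="yes">C:\inetpub\wwwroot</directories>

    <!-- Noisy subtrees can be excluded -->
    <ignore>C:\inetpub\wwwroot\logs</ignore>

    <!-- Registry keys worth watching: autoruns and service definitions (assumed) -->
    <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</windows_registry>
    <windows_registry>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services</windows_registry>
  </syscheck>
</ossec_config>
```

After editing, restart the agent service so the new `<syscheck>` block is read; the alerts then show up on the server under the syscheck rule group.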
by scott
Thu Jul 01, 2021 9:24 am
Forum: OSSEC
Topic: rules error
Replies: 2
Views: 329

Re: rules error

Yeah that was an ordering thing all right, glad you got it sussed out!
by scott
Thu Jul 01, 2021 9:23 am
Forum: OSSEC
Topic: Installation Start issue Fedora 3.6.0-19869.fc34.art
Replies: 6
Views: 896

Re: Installation Start issue Fedora 3.6.0-19869.fc34.art

It might be less work to use the OUM setup on CentOS/Rocky with the rules.d/decoders.d system for the server.
by scott
Wed Jun 30, 2021 2:20 pm
Forum: OSSEC
Topic: How to run ossec win32ui in powershell
Replies: 1
Views: 300

Re: How to run ossec win32ui in powershell

Are you trying to use that to edit ossec.conf? You could do that in powershell directly if you wanted to
by scott
Tue Jun 29, 2021 9:08 am
Forum: OSSEC
Topic: Windows repo now available
Replies: 1
Views: 3906

Re: Windows repo now available

The latest windows builds are all available at that url
by scott
Tue Jun 29, 2021 9:07 am
Forum: OSSEC
Topic: Installation Start issue Fedora 3.6.0-19869.fc34.art
Replies: 6
Views: 896

Re: Installation Start issue Fedora 3.6.0-19869.fc34.art

OK, so you're using the legacy setup; you need to declare each ruleset manually in the config with the <include> statement. Likely you're just missing the declaration for whatever ruleset contains that group.
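For reference, an added example (not from the post above) of what the legacy `<rules>` declaration looks like in a server-side ossec.conf. File names are resolved relative to /var/ossec/rules; the list here is illustrative, and the set you need depends on which rule files your own rules reference via `<if_sid>` or `<if_group>`.

```xml
<ossec_config>
  <rules>
    <!-- Base rules must come first: later files reference groups and SIDs defined here -->
    <include>rules_config.xml</include>
    <include>syslog_rules.xml</include>
    <include>pam_rules.xml</include>
    <include>sshd_rules.xml</include>
    <!-- A rule file that uses <if_group>authentication_failed</if_group> needs the
         file that defines that group (e.g. sshd_rules.xml) listed above it -->
    <include>local_rules.xml</include>
  </rules>
</ossec_config>
```

A quick check before restarting the server is to run /var/ossec/bin/ossec-logtest, which loads the configured rule files and reports a missing or misordered include without taking analysisd down.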
by scott
Mon Jun 28, 2021 3:06 pm
Forum: OSSEC
Topic: Installation Start issue Fedora 3.6.0-19869.fc34.art
Replies: 6
Views: 896

Re: Installation Start issue Fedora 3.6.0-19869.fc34.art

Are you using the rules.d/decoders.d design from oum, or the classic design?
by scott
Mon Jun 28, 2021 9:03 am
Forum: OSSEC
Topic: After installing 3.6.0 it doesn't start due to Could not open file '/var/ossec/ossec-agent/etc/internal_options.conf'
Replies: 4
Views: 751

Re: After installing 3.6.0 it doesn't start due to Could not open file '/var/ossec/ossec-agent/etc/internal_options.conf'

Did you pick "hybrid" by some chance? Or did you have a hybrid install before? This part here: 2021/06/28 10:40:08 ossec-analysisd(1103): ERROR: Could not open file '/var/ossec/ossec-agent/etc/internal_options.conf' due to [(2)-(No such file or directory)]. See how it says /var/ossec/ossec...
by scott
Mon Jun 28, 2021 9:02 am
Forum: OSSEC
Topic: oum update ERROR: Download failed with ERROR (6)
Replies: 5
Views: 2539

Re: oum update ERROR: Download failed with ERROR (6)

Yeah, curl error code 6 is saying it can't resolve the hostname: https://curl.se/libcurl/c/libcurl-errors.html

DNS problem maybe?
by scott
Mon Jun 21, 2021 9:15 am
Forum: Atomicorp Modsecurity Rules Support
Topic: AlmaLinux support
Replies: 1
Views: 1032

Re: AlmaLinux support

We haven't looked at that one yet, but we support Rocky Linux 8 now.
by scott
Fri Jun 11, 2021 9:01 am
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 2747

Re: Ossec Agent stays in Never connected state

Nothing like that, just that when you change the key you have to restart the agent, otherwise it's using the older key still. So next take a look in /var/ossec/etc/internal_options.conf and enable the debug settings for remoted. You can do the same on the agent side for agentd, and then see if the ou...
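An added helper script for that debugging step (my code, not from the post or from OSSEC itself). It writes the override into /var/ossec/etc/local_internal_options.conf, which OSSEC reads after internal_options.conf and which survives upgrades, rather than editing internal_options.conf directly; the install path is assumed to be the default /var/ossec and can be overridden with OSSEC_DIR.

```bash
#!/bin/sh
# Added example: raise OSSEC daemon debug levels idempotently.
# Assumes a default /var/ossec layout; override with OSSEC_DIR=/path.
OSSEC_DIR="${OSSEC_DIR:-/var/ossec}"

# Escape dots in a key so sed matches it literally (remoted.debug, not remotedXdebug).
_esc() { printf '%s' "$1" | sed 's/\./\\./g'; }

# set_option FILE KEY VALUE: replace an existing "KEY=..." line or append one.
set_option() {
    file="$1" key="$2" value="$3"
    [ -f "$file" ] || : > "$file"
    if grep -q "^$(_esc "$key")=" "$file"; then
        sed "s/^$(_esc "$key")=.*/${key}=${value}/" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_option FILE KEY: print the current value of KEY, empty if unset.
get_option() {
    sed -n "s/^$(_esc "$2")=//p" "$1" | tail -n 1
}

# enable_debug server|agent: server side turns up remoted, agent side turns up agentd.
enable_debug() {
    opts="$OSSEC_DIR/etc/local_internal_options.conf"
    case "$1" in
        server) set_option "$opts" remoted.debug 2 ;;
        agent)  set_option "$opts" agent.debug 2 ;;
        *) echo "usage: enable_debug server|agent" >&2; return 1 ;;
    esac
    # The daemons only re-read the options on restart.
    "$OSSEC_DIR/bin/ossec-control" restart
    echo "watch $OSSEC_DIR/logs/ossec.log for remoted/agentd debug lines"
}
```

Run `enable_debug server` on the manager and `enable_debug agent` on the agent, then compare what remoted logs on receipt with what agentd logs on send; set the values back to 0 afterwards, since level 2 is verbose.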
by scott
Thu Jun 10, 2021 4:29 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 2747

Re: Ossec Agent stays in Never connected state

OK, so at this point (correct me if any of these aren't validated): 1. Key: probably OK, unless there's a transcribing error. 2. remoted is listening on port UDP 1514. 3. Agent traffic is confirmed to be reaching the server on UDP 1514. Never connected is a state you'd get only if the initial session packet d...
by scott
Thu Jun 10, 2021 9:24 am
Forum: PHP Help and Discussion
Topic: PHP 5.6 end of support
Replies: 1
Views: 1285

Re: PHP 5.6 end of support

So the SCL packaging system in RHEL/Rocky/Centos allows multiple installations of PHP concurrently so you could still have different options in the environment.

Otherwise PHP 5.4.x is maintained by Red Hat on RHEL/CentOS 7 until June 2024.