by scott
Thu Jul 08, 2021 9:12 am
Forum: OSSEC
Topic: How to configure ossec.conf in windows agent for directory/file monitoring
Replies: 5
Views: 235

Re: How to configure ossec.conf in windows agent for directory/file monitoring

Yeah, works just fine on Windows, will detect and report changes in real time on Windows for files and registries
by scott
Thu Jul 01, 2021 9:24 am
Forum: OSSEC
Topic: rules error
Replies: 2
Views: 258

Re: rules error

Yeah that was an ordering thing all right, glad you got it sussed out!
by scott
Thu Jul 01, 2021 9:23 am
Forum: OSSEC
Topic: Installation Start issue Fedora 3.6.0-19869.fc34.art
Replies: 6
Views: 764

Re: Installation Start issue Fedora 3.6.0-19869.fc34.art

It might be less work to use the OUM setup on CentOS/Rocky with the rules.d/decoders.d system for the server
by scott
Wed Jun 30, 2021 2:20 pm
Forum: OSSEC
Topic: How to run ossec win32ui in powershell
Replies: 1
Views: 259

Re: How to run ossec win32ui in powershell

Are you trying to use that to edit ossec.conf? You could do that in PowerShell directly if you wanted to
by scott
Tue Jun 29, 2021 9:08 am
Forum: OSSEC
Topic: Windows repo now available
Replies: 1
Views: 3848

Re: Windows repo now available

The latest Windows builds are all available at that URL
by scott
Tue Jun 29, 2021 9:07 am
Forum: OSSEC
Topic: Installation Start issue Fedora 3.6.0-19869.fc34.art
Replies: 6
Views: 764

Re: Installation Start issue Fedora 3.6.0-19869.fc34.art

OK so you're using the legacy setup, you need to declare each ruleset manually in the config with the <include> statement. Likely you're just missing the declaration for whatever ruleset contains that group.
by scott
Mon Jun 28, 2021 3:06 pm
Forum: OSSEC
Topic: Installation Start issue Fedora 3.6.0-19869.fc34.art
Replies: 6
Views: 764

Re: Installation Start issue Fedora 3.6.0-19869.fc34.art

Are you using the rules.d/decoders.d design from OUM, or the classic design?
by scott
Mon Jun 28, 2021 9:03 am
Forum: OSSEC
Topic: After installing 3.6.0 it doesn't start due to Could not open file '/var/ossec/ossec-agent/etc/internal_options.conf'
Replies: 4
Views: 636

Re: After installing 3.6.0 it doesn't start due to Could not open file '/var/ossec/ossec-agent/etc/internal_options.conf

Did you pick "hybrid" by some chance? Or did you have a hybrid install before? This part here: 2021/06/28 10:40:08 ossec-analysisd(1103): ERROR: Could not open file '/var/ossec/ossec-agent/etc/internal_options.conf' due to [(2)-(No such file or directory)]. See how it says /var/ossec/ossec...
by scott
Mon Jun 28, 2021 9:02 am
Forum: OSSEC
Topic: oum update ERROR: Download failed with ERROR (6)
Replies: 5
Views: 2391

Re: oum update ERROR: Download failed with ERROR (6)

Yeah, curl error code 6 is saying it can't resolve the hostname, https://curl.se/libcurl/c/libcurl-errors.html

DNS problem maybe?
by scott
Mon Jun 21, 2021 9:15 am
Forum: Atomicorp Modsecurity Rules Support
Topic: AlmaLinux support
Replies: 1
Views: 907

Re: AlmaLinux support

We haven't looked at that one yet, but we support Rocky Linux 8 now
by scott
Fri Jun 11, 2021 9:01 am
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 2574

Re: Ossec Agent stays in Never connected state

Nothing like that, just that when you change the key you have to restart the agent, otherwise it's using the older key still. So next take a look in /var/ossec/etc/internal_options.conf and enable the debug settings for remoted. You can do the same on the agent side for agentd, and then see if the ou...
by scott
Thu Jun 10, 2021 4:29 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 2574

Re: Ossec Agent stays in Never connected state

OK so at this point (correct me if any of these aren't validated)

1. Key: Probably OK, unless there's a transcribing error.
2. remoted is listening on port UDP 1514
3. agent traffic is confirmed to be reaching the server on UDP 1514

Never connected is a state you'd get only if initial session packet d...
by scott
Thu Jun 10, 2021 9:24 am
Forum: PHP Help and Discussion
Topic: PHP 5.6 end of support
Replies: 1
Views: 1144

Re: PHP 5.6 end of support

So the SCL packaging system in RHEL/Rocky/CentOS allows multiple installations of PHP concurrently so you could still have different options in the environment.

Otherwise PHP 5.4.x is maintained by Red Hat on RHEL/CentOS 7 until June 2024
by scott
Wed Jun 09, 2021 4:22 pm
Forum: OSSEC
Topic: How do I connect OSSEC Server and Client together in Virtualbox?
Replies: 4
Views: 1034

Re: How do I connect OSSEC Server and Client together in Virtualbox?

OK, that's good, it could be the key. A good way to provision those is to use the ossec-authd service on the server, and the agent-auth client from the agent. Otherwise you could manually do it using manage_agents