Search found 6203 matches

by scott
Tue Mar 22, 2022 3:17 pm
Forum: OSSEC
Topic: Duplicate counter error after upgrading to 3.6.0
Replies: 10
Views: 14973

Re: Duplicate counter error after upgrading to 3.6.0

That also happens if a key is pinned to an IP address, or if you've got NAT involved and multiple agents are coming from the same source IP.
by scott
Wed Sep 22, 2021 10:14 am
Forum: OSSEC
Topic: Install problem
Replies: 4
Views: 13245

Re: Install problem

That means you're missing the PCRE2 dependency, this part right here:

" fatal error: pcre2.h: no such file or directory"
by scott
Wed Sep 22, 2021 10:13 am
Forum: OSSEC
Topic: Newbie installing OSSEC appliance on ESXi
Replies: 3
Views: 12351

Re: Newbie installing OSSEC appliance on ESXi

I believe the appliance was set up for virtualbox, so you might want to give that a try instead
by scott
Mon Sep 13, 2021 9:30 am
Forum: OSSEC
Topic: agent disconnect
Replies: 7
Views: 16500

Re: agent disconnect

Is there anything in /var/log/messages on the agent about what happened when it stopped running?
by scott
Fri Sep 03, 2021 4:42 pm
Forum: OSSEC
Topic: agent disconnect
Replies: 7
Views: 16500

Re: agent disconnect

Is remoted running?
by scott
Sun Aug 15, 2021 4:55 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: Support for Ubuntu 20.04
Replies: 5
Views: 17990

Re: Support for Ubuntu 20.04

Yeah that is confusing huh, so there are 2 projects:

mod_security (2.9.3) - This is for Apache

libmodsecurity (3.0.4) - This is for nginx

libmodsecurity is a re-write of mod_security in C++, so it doesn't support all of the same things that mod_security does yet.
by scott
Fri Jul 30, 2021 10:07 am
Forum: OSSEC
Topic: Detecting copy or clone of Hard Disk. What log what alert?
Replies: 1
Views: 6260

Re: Detecting copy or clone of Hard Disk. What log what alert?

Unfortunately there is nothing that could detect that from a powered down system like that
by scott
Thu Jul 08, 2021 9:12 am
Forum: OSSEC
Topic: How to configure ossec.conf in windows agent for directory/file monitoring
Replies: 5
Views: 7736

Re: How to configure ossec.conf in windows agent for directory/file monitoring

Yeah, works just fine on Windows, will detect and report changes in real time on windows for files and registries
by scott
Thu Jul 01, 2021 9:24 am
Forum: OSSEC
Topic: rules error
Replies: 2
Views: 6202

Re: rules error

Yeah that was an ordering thing all right, glad you got it sussed out!
by scott
Thu Jul 01, 2021 9:23 am
Forum: OSSEC
Topic: Installation Start issue Fedora 3.6.0-19869.fc34.art
Replies: 6
Views: 9435

Re: Installation Start issue Fedora 3.6.0-19869.fc34.art

It might be less work to use the OUM setup on centos/rocky with the rules.d/decoders.d system for the server
by scott
Wed Jun 30, 2021 2:20 pm
Forum: OSSEC
Topic: How to run ossec win32ui in powershell
Replies: 2
Views: 12397

Re: How to run ossec win32ui in powershell

Are you trying to use that to edit ossec.conf? You could do that in powershell directly if you wanted to
by scott
Tue Jun 29, 2021 9:08 am
Forum: OSSEC
Topic: Windows repo now available
Replies: 3
Views: 17494

Re: Windows repo now available

The latest windows builds are all available at that url
by scott
Tue Jun 29, 2021 9:07 am
Forum: OSSEC
Topic: Installation Start issue Fedora 3.6.0-19869.fc34.art
Replies: 6
Views: 9435

Re: Installation Start issue Fedora 3.6.0-19869.fc34.art

OK so you're using the legacy setup, you need to declare each ruleset manually in the config with the <include> statement. Likely you're just missing the declaration for whatever ruleset contains that group.
by scott
Mon Jun 28, 2021 3:06 pm
Forum: OSSEC
Topic: Installation Start issue Fedora 3.6.0-19869.fc34.art
Replies: 6
Views: 9435

Re: Installation Start issue Fedora 3.6.0-19869.fc34.art

Are you using the rules.d/decoders.d design from oum, or the classic design?
by scott
Mon Jun 28, 2021 9:03 am
Forum: OSSEC
Topic: After installing 3.6.0 it doesn't start due to Could not open file '/var/ossec/ossec-agent/etc/internal_options.conf'
Replies: 4
Views: 8596

Re: After installing 3.6.0 it doesn't start due to Could not open file '/var/ossec/ossec-agent/etc/internal_options.conf'

Did you pick "hybrid" by some chance? Or did you have a hybrid install before? This part here: 2021/06/28 10:40:08 ossec-analysisd(1103): ERROR: Could not open file '/var/ossec/ossec-agent/etc/internal_options.conf' due to [(2)-(No such file or directory)]. See how it says /var/ossec/ossec...