Search found 7 matches
- Sat Jan 27, 2018 10:11 am
- Forum: OSSEC
- Topic: [UPDATE] Constant /etc/asl/whitelist checksum alerts
- Replies: 9
- Views: 11667
[UPDATE] Constant /etc/asl/whitelist checksum alerts
Initially posted (wrongly) in "Atomicorp Yum Repository Forums » General Help and Development Discussion" Hi, Ever since a recent reboot, I've been getting 550 alerts regarding a changing checksum on /etc/asl/whitelist. Looking at the file, seems like the access time is changing every minu...
- Thu Jan 25, 2018 8:08 am
- Forum: General Help and Development Discussion
- Topic: Constant /etc/asl/whitelist checksum change
- Replies: 0
- Views: 16014
Constant /etc/asl/whitelist checksum change
Hi, Ever since a recent reboot, I've been getting 550 alerts regarding a changing checksum on /etc/asl/whitelist. Looking at the file, seems like the access time is changing every minute. The content of the file, its size and other properties of the file do not change at all. I also checked the SHA1...
- Sat May 14, 2016 7:03 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Setting ASL firewall policy to ACCEPT: [FAILED]
- Replies: 1
- Views: 7517
Setting ASL firewall policy to ACCEPT: [FAILED]
Hi, A few firewall problems, that could be related. First, I got this email alert: asl-firewall: Setting ASL firewall policy to ACCEPT: [FAILED] pubco asl-firewall: Error occurred at line: 14 Then wanted to remove an IP from the whitelist: sudo asl --remove-whitelist xxx.xxx.xxx.xx 2 48 ASLRBC Rever...
- Thu Jul 09, 2015 11:49 am
- Forum: Atomic Protector (formerly ASL)
- Topic: xmlrpc.php Wordpress abuse
- Replies: 3
- Views: 5597
xmlrpc.php Wordpress abuse
Hi, Seems like my server is subjected to a lot of abusive POST requests to xmlrpc.php: [05/Jul/2015:13:13:51 -0400] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)" Google Bot is not the culprit, of course. According to what I fo...
- Tue Mar 31, 2015 9:24 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Error: /proc must be mounted
- Replies: 4
- Views: 6079
Re: Error: /proc must be mounted
Thanks for your reply. Here is the full ASL notification, containing the pertaining log: OSSEC HIDS Notification. 2015 Mar 25 16:03:13 Received From: server->/var/log/tortixd/asl_error_log Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s): Error...
- Thu Mar 26, 2015 8:01 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Error: /proc must be mounted
- Replies: 4
- Views: 6079
Re: Error: /proc must be mounted
Hi, It's an OpenVZ VPS. /proc is mounted. Sure enough, the logs do not show any "Error: /proc must be mounted" past the last apache graceful restart shown, tonight. I gather this restart was initiated by ASL? The problem lasted between 2 graceful restarts, from the 25 to the 26, and has now...
- Wed Mar 25, 2015 12:20 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Error: /proc must be mounted
- Replies: 4
- Views: 6079
Error: /proc must be mounted
Hi,
Just noticed the ASL log is full of:
Error: /proc must be mounted
And some:
/var/asl/lib/firewall/tcp_ecn: line 11: /proc/sys/net/ipv4/tcp_ecn: Permission denied
Any idea why this would be happening?
Many thanks,
Francois