Search found 7 matches

by kontiki
Sat Jan 27, 2018 10:11 am
Forum: OSSEC
Topic: [UPDATE] Constant /etc/asl/whitelist checksum alerts
Replies: 9
Views: 11440

[UPDATE] Constant /etc/asl/whitelist checksum alerts

Initially posted (wrongly) in "Atomicorp Yum Repository Forums » General Help and Development Discussion" Hi, Ever since a recent reboot, I've been getting 550 alerts regarding a changing checksum on /etc/asl/whitelist. Looking at the file, seems like the access time is changing every minu...

by kontiki
Thu Jan 25, 2018 8:08 am
Forum: General Help and Development Discussion
Topic: Constant /etc/asl/whitelist checksum change
Replies: 0
Views: 13680

Constant /etc/asl/whitelist checksum change

Hi, Ever since a recent reboot, I've been getting 550 alerts regarding a changing checksum on /etc/asl/whitelist. Looking at the file, seems like the access time is changing every minute. The content of the file, its size and other properties of the file do not change at all. I also checked the SHA1...

by kontiki
Sat May 14, 2016 7:03 pm
Forum: Atomic Protector (formerly ASL)
Topic: Setting ASL firewall policy to ACCEPT: [FAILED]
Replies: 1
Views: 6783

Setting ASL firewall policy to ACCEPT: [FAILED]

Hi, A few firewall problems, that could be related. First, I got this email alert: asl-firewall: Setting ASL firewall policy to ACCEPT: [FAILED] pubco asl-firewall: Error occurred at line: 14 Then wanted to remove an IP from the whitelist: sudo asl --remove-whitelist xxx.xxx.xxx.xx 2 48 ASLRBC Rever...

by kontiki
Thu Jul 09, 2015 11:49 am
Forum: Atomic Protector (formerly ASL)
Topic: xmlrpc.php Wordpress abuse
Replies: 3
Views: 5557

xmlrpc.php Wordpress abuse

Hi, Seems like my server is subjected to a lot of abusive POST requests to xmlrpc.php: [05/Jul/2015:13:13:51 -0400] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)" Google Bot is not the culprit, of course. According to what I fo...

by kontiki
Tue Mar 31, 2015 9:24 am
Forum: Atomic Protector (formerly ASL)
Topic: Error: /proc must be mounted
Replies: 4
Views: 6056

Re: Error: /proc must be mounted

Thanks for your reply. Here is the full ASL notification, containing the pertaining log: OSSEC HIDS Notification. 2015 Mar 25 16:03:13 Received From: server->/var/log/tortixd/asl_error_log Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s): Error...

by kontiki
Thu Mar 26, 2015 8:01 am
Forum: Atomic Protector (formerly ASL)
Topic: Error: /proc must be mounted
Replies: 4
Views: 6056

Re: Error: /proc must be mounted

Hi, It's an OpenVZ VPS. /proc is mounted. Sure enough, the logs do not show any "Error: /proc must be mounted" past the last apache graceful restart shown, tonight. I gather this restart was initiated by ASL? The problem lasted between 2 graceful restarts, from the 25 to the 26, and has now...

by kontiki
Wed Mar 25, 2015 12:20 pm
Forum: Atomic Protector (formerly ASL)
Topic: Error: /proc must be mounted
Replies: 4
Views: 6056

Error: /proc must be mounted

Hi,

Just noticed the ASL log is full of:

Error: /proc must be mounted

And some:

/var/asl/lib/firewall/tcp_ecn: line 11: /proc/sys/net/ipv4/tcp_ecn: Permission denied

Any idea why this would be happening?

Many thanks,

Francois