The 4.0 RPMs are available here:
https://updates.atomicorp.com/channels/ossec-hub-repo/
And the 4.2.x RPMs are available here:
https://updates.atomicorp.com/channels/awp-hub-repo/
Search found 1685 matches
- Tue Jun 16, 2020 4:10 pm
- Forum: OSSEC
- Topic: ossec-remoted not binding to ipv4?
- Replies: 13
- Views: 82163
- Mon Jun 08, 2020 5:03 pm
- Forum: OSSEC
- Topic: ossec-remoted not binding to ipv4?
- Replies: 13
- Views: 82163
Re: ossec-remoted not binding to ipv4?
OK, I see whats going on, your system is using the old 3.x open source branch, there a bug in the branch for remoted. You'll want to upgrade to the 4.x branch.
- Wed Jun 03, 2020 3:46 pm
- Forum: OSSEC
- Topic: ossec-remoted not binding to ipv4?
- Replies: 13
- Views: 82163
Re: ossec-remoted not binding to ipv4?
I have the version which was installed using the instructions from my initial post. How do I find from the command-line what version is installed? Just query the operating system software management system, for example: rpm -qa ossec* For example: [mshinn@threat ~]$ rpm -qa ossec* ossec-hids-4.2.2-...
- Mon Jun 01, 2020 5:22 pm
- Forum: Firewall Help and Discussion
- Topic: PCI Scanner Whitelist IP Range
- Replies: 1
- Views: 9821
Re: PCI Scanner Whitelist IP Range
You can whitelist a CIDR or IP by running this command as root:
asl -w 1.2.3.0/24
And on v6:
awp -w 1.2.3.0/24
asl -w 1.2.3.0/24
And on v6:
awp -w 1.2.3.0/24
- Mon Jun 01, 2020 5:20 pm
- Forum: OSSEC
- Topic: ossec-remoted not binding to ipv4?
- Replies: 13
- Views: 82163
Re: ossec-remoted not binding to ipv4?
Are you using the open source OSSEC only? And if so, what version? Understood, however, shouldn't the service run on both protocols, or at least be binding to IPv4 in the first instance as still the standard? I'm not sure I understand, remoted will run on both protocols at the same time. It will not...
- Thu May 28, 2020 3:56 pm
- Forum: OSSEC
- Topic: ossec-remoted not binding to ipv4?
- Replies: 13
- Views: 82163
Re: ossec-remoted not binding to ipv4?
Does ossec-remoted not bind to IPv4 by default? It runs on IPv4 too, for example: [root@host ~]# netstat -anupl | grep ossec-remoted udp 0 0 0.0.0.0:1514 0.0.0.0:* 11174/ossec-remoted [root@host ~]# However, if an IPv4 interface wasnt plumbed when the service was started, then you would only see it...
- Wed May 27, 2020 5:10 pm
- Forum: OSSEC
- Topic: ossec-remoted not binding to ipv4?
- Replies: 13
- Views: 82163
Re: ossec-remoted not binding to ipv4?
Assuming the agent is trying to connect to the remoted service running on an IPv4 IP, no it doesnt look like you have ossec-remoted running on an IPv4 address. Is the hub system plumbed with an IPv4 address? Alternatively you can use IPv6. If so, what happens if you restart the ossec-hids service? P...
- Fri May 15, 2020 2:40 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Support CentOS 8?
- Replies: 9
- Views: 25043
Re: Support CentOS 8?
I'm not sure if Plesk makes the rules available in some other way, but if they provided you with a username and password you can just log into our rules archive with those credentials and download the rules.
- Thu May 14, 2020 5:14 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Support CentOS 8?
- Replies: 9
- Views: 25043
Re: Support CentOS 8?
You can however install the rules on your server outside of Plesk, just follow this process:
https://wiki.atomicorp.com/wiki/index.p ... stallation
https://wiki.atomicorp.com/wiki/index.p ... stallation
- Mon May 04, 2020 12:41 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Support CentOS 8?
- Replies: 9
- Views: 25043
Re: Support CentOS 8?
We cant speak for Plesk, they may have their own process for installing and configuring modsecurity, but modsecurity rules are not platform dependant. Simply load the rules into modsecurity on whatever platform you are using and theyll work.
- Mon May 04, 2020 12:39 pm
- Forum: Atomicorp Free Modsecurity Rules
- Topic: BUG: ModSecurity kills posting in this forum?!
- Replies: 3
- Views: 11603
Re: BUG: ModSecurity kills posting in this forum?!
Certainly, the supported rules provide a lot more information and support is provided for any issues the same day the issue is reported, updates for false positives for example are provided the same day they are reported, our goal is provide any update within an hour.
- Sat May 02, 2020 4:38 pm
- Forum: Atomicorp Free Modsecurity Rules
- Topic: BUG: ModSecurity kills posting in this forum?!
- Replies: 3
- Views: 11603
Re: BUG: ModSecurity kills posting in this forum?!
It looks like youre using the unsupported free rules, is that correct?
- Sat May 02, 2020 4:37 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Support CentOS 8?
- Replies: 9
- Views: 25043
Re: Support CentOS 8?
The rules are supported on any platform that supports modsecurity, that includes Centos 8.
- Wed Apr 01, 2020 6:22 pm
- Forum: OSSEC
- Topic: ossec-Maild High CPU Utilization
- Replies: 1
- Views: 7869
Re: ossec-Maild High CPU Utilization
Can you put ossec-maild into debug mode and share whats happening when its using an unusually high amount of CPU?
- Wed Mar 11, 2020 5:43 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: error duing asl -s scan
- Replies: 5
- Views: 22722
Re: error duing asl -s scan
That means these options are disabled in ASL/AWP: Advanced Malware Removal Ruleset: off [MODERATE] https://wiki.atomicorp.com/wiki/index.php/ASL_WAF#MODSEC_98_ADV_REDACTOR Just In Time Patches: off [HIGH] https://wiki.atomicorp.com/wiki/index.php/ASL_WAF#MODSEC_99_JITP Basic Malware Removal Ruleset:...