Search found 74 matches
- Thu Feb 12, 2015 3:07 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: How to set OSSEC to ignore certain folders
- Replies: 6
- Views: 7370
How to set OSSEC to ignore certain folders
One of our backup solution's folders is being diff'ed by OSSEC and it is taking up a lot of space. A) Should I edit ossec.conf and add <ignore>/path/to/folder/</ignore> or is there an ASL specific recommended way to do this? B) Is it safe to delete the contents of this folder in /var/ossec/queue/dif...
- Wed Jan 28, 2015 7:52 am
- Forum: Atomic Protector (formerly ASL)
- Topic: CVE-2015-0235
- Replies: 2
- Views: 4615
CVE-2015-0235
Does ASL provide protection against the vulnerability described in CVE-2015-0235?
Although it is said that the CentOS patch is being pushed to mirrors as I type, some servers still cant get the fix.
Although it is said that the CentOS patch is being pushed to mirrors as I type, some servers still cant get the fix.
- Fri Nov 21, 2014 12:50 pm
- Forum: PHP Help and Discussion
- Topic: zend_mm_heap corrupted
- Replies: 10
- Views: 27390
Re: zend_mm_heap corrupted
Do you have mod_pagespeed installed? I noticed this happens on my machine only when it's ON.
- Tue Oct 14, 2014 3:50 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: FCKeditor Vuln Scripts
- Replies: 1
- Views: 6476
FCKeditor Vuln Scripts
Not sure ASL would do it, since it's windows software, but it would be nice to have WAF block these: Oct 14 07:32:06 KVM1 www-access-mysite.com: 104.194.12.181 - - [14/Oct/2014:07:31:50 +0000] "HEAD /fckeditor/editor/filemanager/connectors/aspx/upload.aspx HTTP/1.1" 404 - "-" &qu...
- Mon Oct 06, 2014 6:43 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Unblocking via command line
- Replies: 0
- Views: 5184
Unblocking via command line
I read this but the wiki says "this feature has been deprecated and is no longer supported." Is the wiki referring only to asl -bl or also to asl -ub ? If it refers to both, what is the other option to unblock an IP via command line? When a developer hits the wrong button and gets banned, ...
- Fri Oct 03, 2014 12:48 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ParsePI: PI xmlversion space expected
- Replies: 5
- Views: 11707
Re: ParsePI: PI xmlversion space expected
Here's more info on how to prevent this when upgrading wordpress is not possible: http://perishablepress.com/wordpress-xm ... erability/
- Fri Sep 26, 2014 1:04 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ParsePI: PI xmlversion space expected
- Replies: 5
- Views: 11707
Re: ParsePI: PI xmlversion space expected
I found where it is coming from
https://wordpress.org/support/topic/bod ... e-expected
It would be nice to have ASL handle this hacking attempts at XML-RPC in wordpress, instead of having to install a plugin. Count on my help to build these rules.
https://wordpress.org/support/topic/bod ... e-expected
It would be nice to have ASL handle this hacking attempts at XML-RPC in wordpress, instead of having to install a plugin. Count on my help to build these rules.
- Fri Sep 26, 2014 12:58 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ParsePI: PI xmlversion space expected
- Replies: 5
- Views: 11707
Re: ParsePI: PI xmlversion space expected
The lines are repeatedly the same string, with nothing in between body.xml:1: parser error : ParsePI: PI xmlversion space expected <?xmlversion="1.0"?><methodCall><methodName>pingback.ping</methodName><params><p ^ body.xml:1: parser warning : xmlParsePITarget: invalid name prefix 'xml' <?x...
- Thu Sep 25, 2014 7:24 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ParsePI: PI xmlversion space expected
- Replies: 5
- Views: 11707
ParsePI: PI xmlversion space expected
I just turned on some modsec fetaures, and i got this: Received From: kvm1->/var/log/httpd/error_log Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s): body.xml:1: parser error : ParsePI: PI xmlversion space expected Is this something that needs...
- Thu Sep 25, 2014 4:41 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: CVE-2014-6271 & CVE-2014-7169 mitigation via mod_sec
- Replies: 3
- Views: 7533
CVE-2014-6271 & CVE-2014-7169 mitigation via mod_sec
Has this been added to mod_sec yet ( via Redhat )? Workaround: Using mod_security: The following mod_security rules can be used to reject HTTP requests containing data that may be interpreted by Bash as function definition if set in its environment. They can be used to block attacks against web serv...
- Tue Sep 23, 2014 11:15 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Lots of RKhunter alerts
- Replies: 2
- Views: 6921
Re: Lots of RKhunter alerts
should I setup a prelink cron job or should i remove prelink and its cache?
thanks
thanks
- Mon Sep 22, 2014 12:53 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Lots of RKhunter alerts
- Replies: 2
- Views: 6921
Lots of RKhunter alerts
Last night RKhunter (v 1.4.2) had a lot to say (see below). The only yum ran yesterday was yum -y install ipset.x86_64 . Did something happen to RKunter or is this normal behavior? For example, how could ipset affect /usr/bin/perl? Thanks Warning: Package manager verification has failed: File: /sbin...
- Mon Aug 18, 2014 7:46 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Question on paxtests causing segfaults
- Replies: 8
- Views: 10689
Re: Question on paxtests causing segfaults
In addition to the segfaults listed by the OP, I also seeing segfaults on execbss and execdata (grouped with the same ones listed by the OP). I am not running the ASL kernel. Is this normal?
Thanks
Thanks
- Tue Jun 24, 2014 9:19 am
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Interface menu is messed up
- Replies: 1
- Views: 4154
- Sat May 03, 2014 6:45 am
- Forum: General Help and Development Discussion
- Topic: clean install kernel: shlibdata: error 15 in shlibtest2.so
- Replies: 6
- Views: 9375
Re: clean install kernel: shlibdata: error 15 in shlibtest2.
I believe we got that into 2.2 already I'm still seeing these errors while using ASL 4.0 and stock CentOS 2.6 kernel. Is this still supposed to show up? anonmap[5719]: segfault at 7fa2289f6000 ip 00007fa2289f6000 sp 00007fff38db6008 error 15 execbss[5728]: segfault at 601288 ip 0000000000601288 sp ...