Search found 74 matches

by gaia
Thu Feb 12, 2015 3:07 pm
Forum: Atomic Protector (formerly ASL)
Topic: How to set OSSEC to ignore certain folders
Replies: 6
Views: 7370

How to set OSSEC to ignore certain folders

One of our backup solution's folders is being diff'ed by OSSEC and it is taking up a lot of space. A) Should I edit ossec.conf and add <ignore>/path/to/folder/</ignore> or is there an ASL specific recommended way to do this? B) Is it safe to delete the contents of this folder in /var/ossec/queue/dif...
by gaia
Wed Jan 28, 2015 7:52 am
Forum: Atomic Protector (formerly ASL)
Topic: CVE-2015-0235
Replies: 2
Views: 4615

CVE-2015-0235

Does ASL provide protection against the vulnerability described in CVE-2015-0235?

Although it is said that the CentOS patch is being pushed to mirrors as I type, some servers still can't get the fix.
by gaia
Fri Nov 21, 2014 12:50 pm
Forum: PHP Help and Discussion
Topic: zend_mm_heap corrupted
Replies: 10
Views: 27390

Re: zend_mm_heap corrupted

Do you have mod_pagespeed installed? I noticed this happens on my machine only when it's ON.
by gaia
Tue Oct 14, 2014 3:50 pm
Forum: Atomic Protector (formerly ASL)
Topic: FCKeditor Vuln Scripts
Replies: 1
Views: 6476

FCKeditor Vuln Scripts

Not sure ASL would do it, since it's Windows software, but it would be nice to have WAF block these: Oct 14 07:32:06 KVM1 www-access-mysite.com: 104.194.12.181 - - [14/Oct/2014:07:31:50 +0000] "HEAD /fckeditor/editor/filemanager/connectors/aspx/upload.aspx HTTP/1.1" 404 - "-" &qu...
by gaia
Mon Oct 06, 2014 6:43 pm
Forum: Atomic Protector (formerly ASL)
Topic: Unblocking via command line
Replies: 0
Views: 5184

Unblocking via command line

I read this but the wiki says "this feature has been deprecated and is no longer supported." Is the wiki referring only to asl -bl or also to asl -ub ? If it refers to both, what is the other option to unblock an IP via command line? When a developer hits the wrong button and gets banned, ...
by gaia
Fri Oct 03, 2014 12:48 pm
Forum: Atomic Protector (formerly ASL)
Topic: ParsePI: PI xmlversion space expected
Replies: 5
Views: 11707

Re: ParsePI: PI xmlversion space expected

Here's more info on how to prevent this when upgrading wordpress is not possible: http://perishablepress.com/wordpress-xm ... erability/
by gaia
Fri Sep 26, 2014 1:04 pm
Forum: Atomic Protector (formerly ASL)
Topic: ParsePI: PI xmlversion space expected
Replies: 5
Views: 11707

Re: ParsePI: PI xmlversion space expected

I found where it is coming from

https://wordpress.org/support/topic/bod ... e-expected

It would be nice to have ASL handle these hacking attempts at XML-RPC in WordPress, instead of having to install a plugin. Count on my help to build these rules.
by gaia
Fri Sep 26, 2014 12:58 pm
Forum: Atomic Protector (formerly ASL)
Topic: ParsePI: PI xmlversion space expected
Replies: 5
Views: 11707

Re: ParsePI: PI xmlversion space expected

The lines are repeatedly the same string, with nothing in between body.xml:1: parser error : ParsePI: PI xmlversion space expected <?xmlversion="1.0"?><methodCall><methodName>pingback.ping</methodName><params><p ^ body.xml:1: parser warning : xmlParsePITarget: invalid name prefix 'xml' <?x...
by gaia
Thu Sep 25, 2014 7:24 pm
Forum: Atomic Protector (formerly ASL)
Topic: ParsePI: PI xmlversion space expected
Replies: 5
Views: 11707

ParsePI: PI xmlversion space expected

I just turned on some modsec features, and I got this: Received From: kvm1->/var/log/httpd/error_log Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s): body.xml:1: parser error : ParsePI: PI xmlversion space expected Is this something that needs...
by gaia
Thu Sep 25, 2014 4:41 pm
Forum: Atomic Protector (formerly ASL)
Topic: CVE-2014-6271 & CVE-2014-7169 mitigation via mod_sec
Replies: 3
Views: 7533

CVE-2014-6271 & CVE-2014-7169 mitigation via mod_sec

Has this been added to mod_sec yet ( via Redhat )? Workaround: Using mod_security: The following mod_security rules can be used to reject HTTP requests containing data that may be interpreted by Bash as function definition if set in its environment. They can be used to block attacks against web serv...
by gaia
Tue Sep 23, 2014 11:15 am
Forum: Atomic Protector (formerly ASL)
Topic: Lots of RKhunter alerts
Replies: 2
Views: 6921

Re: Lots of RKhunter alerts

Should I set up a prelink cron job or should I remove prelink and its cache?

thanks
by gaia
Mon Sep 22, 2014 12:53 pm
Forum: Atomic Protector (formerly ASL)
Topic: Lots of RKhunter alerts
Replies: 2
Views: 6921

Lots of RKhunter alerts

Last night RKhunter (v 1.4.2) had a lot to say (see below). The only yum ran yesterday was yum -y install ipset.x86_64 . Did something happen to RKhunter or is this normal behavior? For example, how could ipset affect /usr/bin/perl? Thanks Warning: Package manager verification has failed: File: /sbin...
by gaia
Mon Aug 18, 2014 7:46 pm
Forum: Atomic Protector (formerly ASL)
Topic: Question on paxtests causing segfaults
Replies: 8
Views: 10689

Re: Question on paxtests causing segfaults

In addition to the segfaults listed by the OP, I am also seeing segfaults on execbss and execdata (grouped with the same ones listed by the OP). I am not running the ASL kernel. Is this normal?

Thanks
by gaia
Sat May 03, 2014 6:45 am
Forum: General Help and Development Discussion
Topic: clean install kernel: shlibdata: error 15 in shlibtest2.so
Replies: 6
Views: 9375

Re: clean install kernel: shlibdata: error 15 in shlibtest2.

I believe we got that into 2.2 already I'm still seeing these errors while using ASL 4.0 and stock CentOS 2.6 kernel. Is this still supposed to show up? anonmap[5719]: segfault at 7fa2289f6000 ip 00007fa2289f6000 sp 00007fff38db6008 error 15 execbss[5728]: segfault at 601288 ip 0000000000601288 sp ...