Yes, aum works on Ubuntu. 20.04.
Install aum and it will install modsecurity for you.
Search found 1685 matches
- Mon Aug 16, 2021 9:05 am
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Support for Ubuntu 20.04
- Replies: 5
- Views: 23626
- Wed Jul 07, 2021 3:55 pm
- Forum: OSSEC
- Topic: How to configure ossec.conf in windows agent for directory/file monitoring
- Replies: 5
- Views: 11851
Re: How to configure ossec.conf in windows agent for directory/file monitoring
Whats your process for testing the agent?
- Thu Jun 10, 2021 10:18 am
- Forum: OSSEC
- Topic: Ossec Agent stays in Never connected state
- Replies: 15
- Views: 27488
Re: Ossec Agent stays in Never connected state
How did you provision the key for the agent?
- Thu Jun 03, 2021 3:28 pm
- Forum: OSSEC
- Topic: Ossec Agent stays in Never connected state
- Replies: 15
- Views: 27488
Re: Ossec Agent stays in Never connected state
Should be port 1514, is it trying 1415 on your system?
- Tue Jun 01, 2021 3:05 pm
- Forum: Atomic OSSEC
- Topic: OSSEC Agent specific port instead of random port
- Replies: 6
- Views: 17181
Re: OSSEC Agent specific port instead of random port
Yeah, thats a better option as the OS is what sets the outbound normally.
- Tue Jun 01, 2021 2:45 pm
- Forum: OSSEC
- Topic: Ossec Agent stays in Never connected state
- Replies: 15
- Views: 27488
Re: Ossec Agent stays in Never connected state
2021/05/31 14:06:16 ossec-remoted(2202): ERROR: Error uncompressing string. That means something tried to send a message of one size, and it was actually of another. Was this a device sending messages to the syslog listener on 514, or an agent on 1514, and if the later, which version and platform?
- Tue Jun 01, 2021 2:44 pm
- Forum: OSSEC
- Topic: Ossec Agent stays in Never connected state
- Replies: 15
- Views: 27488
Re: Ossec Agent stays in Never connected state
So this error means whatevers trying to connect isnt using the right protocol (which could be anything, nmap, telnet, etc.). If thats what you were doing, thats what that means. If not, what agent and version is running on the endpoint, and was this something trying to send events to the hub for sys...
- Fri May 28, 2021 2:29 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Kernel Status
- Replies: 9
- Views: 33576
Re: ASL Kernel Status
In ASL/AP v6, we no longer use mysql, that however does not deprecate any functionality in ASL/AP.
- Fri May 28, 2021 2:28 pm
- Forum: OSSEC
- Topic: Ossec Agent stays in Never connected state
- Replies: 15
- Views: 27488
Re: Ossec Agent stays in Never connected state
easiest way is to start remoted from the command line and start it with -d which puts into debug mode.
- Fri May 28, 2021 2:26 pm
- Forum: Atomic OSSEC
- Topic: OSSEC Agent specific port instead of random port
- Replies: 6
- Views: 17181
Re: OSSEC Agent specific port instead of random port
When you mean random port, do you mean the port the agent is trying to connect to? That should be 1514 by default. If you mean the port the client computer uses to establish the connection, thats controlled by the operating system. Its going to use a high port thats not in use by another outbound co...
- Mon May 17, 2021 2:26 pm
- Forum: OSSEC
- Topic: ERROR: Download failed with ERROR (6)
- Replies: 7
- Views: 13362
Re: ERROR: Download failed with ERROR (6)
Is this on debian?
- Mon May 17, 2021 2:25 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Kernel Status
- Replies: 9
- Views: 33576
Re: ASL Kernel Status
We have a kernel module we will be releasing soon. The key reason weve moved away from a dedicated kernel was PHP. The JIT compiler while making PHP much faster, needs to violate the memory protection model (so it can work), and everytime a control panel updated PHP they overwrote the flags that all...
- Fri May 14, 2021 12:10 pm
- Forum: OSSEC
- Topic: json log format
- Replies: 1
- Views: 7977
Re: json log format
<jsonout_output>yes</jsonout_output> Is the new systax. It belongs in the global settngs, for example: <global> <email_notification>yes</email_notification> <email_to>root@localhost</email_to> <smtp_server>127.0.0.1</smtp_server> <helo_server>localhost</helo_server> <email_from>localhost</email_from...
- Fri May 14, 2021 12:08 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Kernel Status
- Replies: 9
- Views: 33576
Re: ASL Kernel Status
Its been deprecated. You can keep using it if you like, but its not going to be updated.
- Tue May 11, 2021 4:13 pm
- Forum: OSSEC
- Topic: Is it possible to add exclusions for specific hosts/agents
- Replies: 1
- Views: 8487
Re: Is it possible to add exclusions for specific hosts/agents
Yes you can, you do at the rule level after the rule thats been triggered. Its a match basically, and change whatever you need to change. For example, to lower the level to 0 for that agent for an entire group: <rule id=12345 level="0"> <if_group>syscheck</if_group> <hostname>some_agents_n...