Search found 269 matches

by Imaging
Thu Mar 01, 2018 5:32 pm
Forum: OSSEC
Topic: [UPDATE] Constant /etc/asl/whitelist checksum alerts
Replies: 9
Views: 5524

Re: [UPDATE] Constant /etc/asl/whitelist checksum alerts

What's the current status of the next update?

Thanks.

by Imaging
Thu Feb 22, 2018 6:48 pm
Forum: OSSEC
Topic: [UPDATE] Constant /etc/asl/whitelist checksum alerts
Replies: 9
Views: 5524

Re: [UPDATE] Constant /etc/asl/whitelist checksum alerts

Just the one syscheckd process on the boxes I just checked.

by Imaging
Wed Feb 21, 2018 6:05 pm
Forum: Atomic Protector (formerly ASL)
Topic: Not Compatible with R1Soft Backup
Replies: 6
Views: 7324

Re: Not Compatible with R1Soft Backup

It will run but with a caveat - you need a custom module built for the ASL kernel. Their automated build system would always fail when we tried that way. We were then able to get it running when they manually built us a custom module for the ASL kernel we had in use. Unfortunately, it took quite som...

by Imaging
Tue Feb 20, 2018 5:32 pm
Forum: OSSEC
Topic: [UPDATE] Constant /etc/asl/whitelist checksum alerts
Replies: 9
Views: 5524

Re: [UPDATE] Constant /etc/asl/whitelist checksum alerts

Bump. Any update?

Thanks.

by Imaging
Thu Feb 08, 2018 11:34 am
Forum: OSSEC
Topic: [UPDATE] Constant /etc/asl/whitelist checksum alerts
Replies: 9
Views: 5524

Re: [UPDATE] Constant /etc/asl/whitelist checksum alerts

jgodwin: What's the ETA on the update to OSSEC to deal with the file not found messages? They can get quite voluminous. Any mitigations until the update is released (other than turning off alerts for rule 1002 which we wouldn't want to do since it is a rule that catches other potentially legitimate ...

by Imaging
Fri Jan 12, 2018 12:50 pm
Forum: Security Alerts
Topic: Intel CPU flaw
Replies: 13
Views: 17985

Re: Intel CPU flaw

Mike: Just to make sure I'm clear, what is said kernel patched against (Meltdown only, Meltdown and some Spectre variants, etc.)? Some of the vendor kernels needed microcode updates for their patches as well and not sure if that was related to the method used or if the ASL kernel would need as well....

by Imaging
Fri Jan 05, 2018 8:49 am
Forum: Security Alerts
Topic: Intel CPU flaw
Replies: 13
Views: 17985

Re: Intel CPU flaw

Great. Thanks for the analysis and perspective!

by Imaging
Thu Jan 04, 2018 1:23 pm
Forum: Security Alerts
Topic: Intel CPU flaw
Replies: 13
Views: 17985

Re: Intel CPU flaw

Looks like patches/details have started to come out (appears that Jan 9 was the initial coordinated release date) today for RHEL/CentOS stock kernels, etc.

Is there an ETA for the ASL kernel update now that details appear to have been released?

Thanks.

by Imaging
Tue Jan 24, 2017 3:39 pm
Forum: Atomic Protector (formerly ASL)
Topic: ClamAV Question
Replies: 0
Views: 3926

ClamAV Question

For the latest ClamAV packages from the asl-4.0 repo on CentOS 5.x (on our way to migrating away from it by the end of March but still in use at present): clamd-0.99.2-35.el5.art.x86_64.rpm and relateds, we are now seeing the logs filling up with: LibClamAV Warning: cli_loadldb: logical signature fo...

by Imaging
Tue Nov 01, 2016 3:00 pm
Forum: Atomic Protector (formerly ASL)
Topic: Kernel Question
Replies: 5
Views: 4436

Re: Kernel Question

Thanks for the update.

by Imaging
Wed Oct 26, 2016 4:57 pm
Forum: Atomic Protector (formerly ASL)
Topic: Kernel Question
Replies: 5
Views: 4436

Re: Kernel Question

prupert:

Thank you.

Scott/Mike:

What's the ETA on the RHEL/CentOS 5.x kernel update?

by Imaging
Tue Oct 25, 2016 12:58 pm
Forum: Atomic Protector (formerly ASL)
Topic: Kernel Question
Replies: 5
Views: 4436

Kernel Question

Safe to assume that systems that use the ASL kernel are not impacted by the 'Dirty Cow' escalation (CVE-2016-5195)? Noticed a new ASL kernel out for a 6.x box (3.2.69-82) but not an older 5.x box (still running 3.2.69-81) so was wondering if related or coincidental. Assuming that -81 is fine but fig...

by Imaging
Fri Oct 21, 2016 1:56 pm
Forum: Atomic Protector (formerly ASL)
Topic: CentOS 7/RHEL 7
Replies: 4
Views: 3878

Re: CentOS 7/RHEL 7

Thank you.