Atomicorp

Or ossec for that matter.... scan results dont end up in any logs at all. There are some export options that we could take advantage of with OSSEC to grab those, but Ive never tried to automate that. Do you think you could look through openvas to see if it can write events to a fixed directory on a ...

I know its a transition issue from ossec 2.8.3 to 2.9.1 agents, probably because of the renaming (was: client, now: agent). Its on the fix list!

I seem to recall getting something like this to work with some CA trickery. I think I had to add the self-generated CA to the global system CA using: https://fedoraproject.org/wiki/Features ... rtificates

I completely forgot about the postgres support in there! I'd be happy to add that in. We ran into a similar situation with OSSEC, and I think we could use the same split package setup from OSSEC (mysql or postgres support in its case) with openvasmd. That way you can avoid a postgres dependency if t...

https://github.com/ossec/ossec-hids/releases/tag/2.9.1 Binary packages should be available today from the Atomic and ASL repos for RHEL, Centos, Fedora, Debian and Ubuntu Changelog Release Maintainers Dan Parriott Scott R. Shinn (Atomicorp, Inc.) Whats New Updated rootcheck audit db's Updated GeoIP ...

Let us know how it works out, as I havent had the opportunity to try this kind of setup either. With the right info we can probably add this condition to openvas-setup to add remote scanners and/or oSPD daemons.

Ah thats probably it then, the scanner(s) connect to the manager (openvasmd). You'd need to modify /etc/sysconfig/openvas-manager (if you hadnt already) to listen on a port with --listen= to start wth, and then create the scanner(s) in openvas manager --create-scanner=<scanner> Create global scanner...

You didnt mention the manager config here, is that what you have running on 9391?

OSSEC 2.9 for windows is now available at:

https://updates.atomicorp.com/channels/atomic/windows/

We've added a lot of this input to the openvas package, but havent had the time to test the PDF support completely. That could use some extra vetting if anyone has the opportunity.

Thanks again for all the feedback on this!

Apt repos for Ubuntu 12, 14, 16, and Debian 7,8 can be added from the atomic installer with:

wget -q -O - https://updates.atomicorp.com/installers/atomic |bash

or direct access via:

https://updates.atomicorp.com/channels/atomic/ubuntu

and

https://updates.atomicorp.com/channels/atomic/debian

It looks like gsad is running on both 80 & 9392, did you try restarting it?

As the release maintaner for OSSEC, I have no idea why we didnt create a user forum until now. Everyone has been using either IRC or the mailing list til now. Mi culpa! This forum is for everything from bug reports and feature requests, rule & decoder developnent, to general usage / configuratio...

Sure, I made this file that looked like this:

10.10.10.0/24
10.10.11.1
10.10.11.5

and created a new target, with a "From File" option

Have you tried a file with one network or IP per line?