Search found 1691 matches

by mikeshinn
Fri Nov 19, 2021 4:21 pm
Forum: OSSEC
Topic: ossec-syscheckd ERROR 1756
Replies: 1
Views: 61415

Re: ossec-syscheckd ERROR 1756

What version of OSSEC?
by mikeshinn
Tue Nov 09, 2021 2:34 pm
Forum: Requests
Topic: ClamAV 0.103.4 LTS
Replies: 7
Views: 102197

Re: ClamAV 0.103.4 LTS

We're onto the 0.104.x tree, we weren't planning to support 0.103.x. Are you unable to use 0.104.x?
by mikeshinn
Tue Oct 05, 2021 5:19 pm
Forum: OSSEC
Topic: ossec agent on windows 10
Replies: 1
Views: 60416

Re: ossec agent on windows 10

1. after entering the server IP and the key how do I continue to connect them and make sure they are connected? The agent runs as a service, and will keep the agent connected to the hub as long as it's running on the client. 2. how do I activate the program itself on the windows 10 agent? The installe...
by mikeshinn
Tue Sep 28, 2021 1:12 pm
Forum: OSSEC
Topic: agent disconnect
Replies: 7
Views: 82868

Re: agent disconnect

What's the specific message your OS is generating?
by mikeshinn
Mon Sep 20, 2021 2:17 pm
Forum: General Help and Development Discussion
Topic: Help to Install Python on Ubuntu
Replies: 1
Views: 46183

Re: Help to Install Python on Ubuntu

On many distros, the python binary will be named after the version, for example the binary name may be:

python3.9

Instead of python.
by mikeshinn
Mon Aug 16, 2021 9:06 am
Forum: Atomicorp Free Modsecurity Rules
Topic: New rules download page
Replies: 4
Views: 38530

Re: New rules download page

If you're using Apache, and want all of the capabilities of modsecurity, use 2.9.x. 3.x does not have all of the features that 2.9.x does.

If you're using nginx, you'll have to use 3.x, 2.9.x is not very stable with nginx.
by mikeshinn
Mon Aug 16, 2021 9:05 am
Forum: Atomicorp Modsecurity Rules Support
Topic: Support for Ubuntu 20.04
Replies: 5
Views: 54542

Re: Support for Ubuntu 20.04

Yes, aum works on Ubuntu 20.04.

Install aum and it will install modsecurity for you.
by mikeshinn
Thu Jun 10, 2021 10:18 am
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 58010

Re: Ossec Agent stays in Never connected state

How did you provision the key for the agent?
by mikeshinn
Thu Jun 03, 2021 3:28 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 58010

Re: Ossec Agent stays in Never connected state

Should be port 1514, is it trying 1415 on your system?
by mikeshinn
Tue Jun 01, 2021 3:05 pm
Forum: Atomic OSSEC
Topic: OSSEC Agent specific port instead of random port
Replies: 6
Views: 42570

Re: OSSEC Agent specific port instead of random port

Yeah, that's a better option as the OS is what sets the outbound normally.
by mikeshinn
Tue Jun 01, 2021 2:45 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 58010

Re: Ossec Agent stays in Never connected state

2021/05/31 14:06:16 ossec-remoted(2202): ERROR: Error uncompressing string. That means something tried to send a message of one size, and it was actually of another. Was this a device sending messages to the syslog listener on 514, or an agent on 1514, and if the latter, which version and platform?
by mikeshinn
Tue Jun 01, 2021 2:44 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 58010

Re: Ossec Agent stays in Never connected state

So this error means whatever's trying to connect isn't using the right protocol (which could be anything, nmap, telnet, etc.). If that's what you were doing, that's what that means. If not, what agent and version is running on the endpoint, and was this something trying to send events to the hub for sys...
by mikeshinn
Fri May 28, 2021 2:29 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Kernel Status
Replies: 9
Views: 239695

Re: ASL Kernel Status

In ASL/AP v6, we no longer use mysql, that however does not deprecate any functionality in ASL/AP.
by mikeshinn
Fri May 28, 2021 2:28 pm
Forum: OSSEC
Topic: Ossec Agent stays in Never connected state
Replies: 15
Views: 58010

Re: Ossec Agent stays in Never connected state

Easiest way is to start remoted from the command line and start it with -d, which puts it into debug mode.