Search found 1685 matches
- Tue Mar 10, 2020 11:18 am
- Forum: Atomic Protector (formerly ASL)
- Topic: error during asl -s scan
- Replies: 5
- Views: 24668
Re: error during asl -s scan
So this error: 2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 >/dev/null -- httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_...
- Mon Mar 02, 2020 5:53 pm
- Forum: Requests
- Topic: ClamAV 0.102.2
- Replies: 2
- Views: 20436
Re: ClamAV 0.102.2
Unfortunately 0.102.x isn't supported on el6/7; it requires a version of the curl API that's not available for those platforms (which is also why EPEL doesn't have updates to 1.102.x either). ClamAV has basically abandoned el6/7 with this choice. ClamAV 1.102.x is going to need to be re-written in those...
- Tue Nov 12, 2019 5:22 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL - Logs
- Replies: 1
- Views: 18067
Re: ASL - Logs
WAF events are logged concurrently to the event data repository with one per event and are stored by default in this location on the system:
/var/asl/data/audit/apache
- Wed Sep 25, 2019 3:23 pm
- Forum: OSSEC
- Topic: Long messages being truncated when sent using syslog_output.
- Replies: 10
- Views: 13620
Re: Long messages being truncated when sent using syslog_out
Ah, OK, so that sounds like you're just using the open source builds? If so, then you need to grab the latest source code and build from that. The binary you're using is quite old, and it looks like you're using 3.0, whereas the source tree has patches for the upcoming 4.0 release. If you're using the comme...
- Tue Sep 17, 2019 4:35 pm
- Forum: OSSEC
- Topic: Long messages being truncated when sent using syslog_output.
- Replies: 10
- Views: 13620
Re: Long messages being truncated when sent using syslog_out
That's pretty old; I don't think we've put out a version of AEO using a version of OSSEC that old. Can you send me the version number for AEO with this command:
asl -v
- Wed Sep 11, 2019 10:35 am
- Forum: OSSEC
- Topic: Long messages being truncated when sent using syslog_output.
- Replies: 10
- Views: 13620
Re: Long messages being truncated when sent using syslog_out
Sorry if I wasn't clear, the latest version of AEO has no limit. What version of AEO is the hub using?
Just run this command:
asl -v
- Fri Sep 06, 2019 8:41 am
- Forum: OSSEC
- Topic: Local installation version VS Agentless Server installation
- Replies: 1
- Views: 6436
Re: Local installation version VS Agentless Server installat
They're basically the same thing. You may want to disable some services that are used just with agents, like remoted, but otherwise a standalone instance is an OSSEC server as opposed to an agent.
- Tue Aug 20, 2019 6:58 pm
- Forum: OSSEC
- Topic: Long messages being truncated when sent using syslog_output.
- Replies: 10
- Views: 13620
Re: Long messages being truncated when sent using syslog_out
Yes, the latest version of AEO allows for setting effectively an unlimited limit; just make sure you're using the latest version of AEO.
- Thu Jul 18, 2019 1:29 pm
- Forum: OSSEC
- Topic: How to extract IP from Log
- Replies: 4
- Views: 8055
Re: How to extract IP from Log
What version of OSSEC are you using?
- Fri Jul 05, 2019 2:59 pm
- Forum: OSSEC
- Topic: active-responses log filling up drive
- Replies: 1
- Views: 6262
Re: active-responses log filling up drive
It looks like you've included either /var or /var/ossec in your FIM settings, and configured them further to report the content of changes in those directories (record diffs). Just log into the AEO GUI, click on the "ASL" tab, select "File Integrity", then select "Watch R...
- Fri Jul 05, 2019 2:54 pm
- Forum: OSSEC
- Topic: How to extract IP from Log
- Replies: 4
- Views: 8055
Re: How to extract IP from Log
Yes, you just need to create a decoder for that application/platform's log format, which will then allow you to assign key values for each position/pattern/delimiter in your log file. You'll find decoders in /var/ossec/etc/decoders.d/ For example: May 14 17:49:12 auth openvpn: Sun May 14 17:49:12 2017 2...
- Fri Jul 05, 2019 2:50 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: SACK
- Replies: 7
- Views: 23822
Re: SACK
It's not added into a table; it changes kernel settings.
- Wed Jun 26, 2019 5:55 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: SACK
- Replies: 7
- Views: 23822
Re: SACK
On older systems it was probably set to no; it is set to yes by default. Not sure when the change happened, though, but for some time it's been the default.
- Thu Jun 20, 2019 4:33 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: SACK
- Replies: 7
- Views: 23822
Re: SACK
Only if TSO or GSO is enabled for the interface, and only if you have MSS protection disabled in ASL. Check this setting in ASL: FW_MSS_DROP="yes" ASL has always been immune to this kind of attack, for many, many years, if this is enabled. If you're not using ASL, then you want to check to se...
- Tue Jun 18, 2019 3:57 pm
- Forum: Atomic OSSEC
- Topic: which agent reported the event?
- Replies: 4
- Views: 24474
Re: which agent reported the event?
Just a followup, the QA build will be released tomorrow into testing.