Search found 1691 matches
- Wed Nov 18, 2020 12:16 pm
- Forum: OpenVAS
- Topic: openvas-scanner-7.0.0-9465.el7.art.x86_64: install failed
- Replies: 1
- Views: 89129
Re: openvas-scanner-7.0.0-9465.el7.art.x86_64: install faile
Could you post the full output of the yum command?
- Mon Nov 09, 2020 5:00 pm
- Forum: OpenVAS
- Topic: where is config id in openvas
- Replies: 2
- Views: 22348
Re: where is config id in openvas
Could you explain a little more about what you want to change?
- Fri Nov 06, 2020 5:11 pm
- Forum: OSSEC
- Topic: Failing to decode IPv6 addresses
- Replies: 5
- Views: 21750
Re: Failing to decode IPv6 addresses
What I mean is that there seems to be a bug BEFORE the decoders are selected. The IP address is located before the log text itself, so it's not a matter of decoder here, but about the parser that separates the line into the the fields that are later processed by the decoders. The parser is the deco...
- Fri Sep 25, 2020 10:54 am
- Forum: OSSEC
- Topic: Failing to decode IPv6 addresses
- Replies: 5
- Views: 21750
Re: Failing to decode IPv6 addresses
I think I understand where you might be having trouble. Think of decoders as translators, so even though a log might be going thru a decoder, if it doesnt understand the log message it wont translate it correctly. You need the right decoder for that specific log format, even if its coming from the s...
- Tue Sep 15, 2020 4:21 pm
- Forum: OSSEC
- Topic: Failing to decode IPv6 addresses
- Replies: 5
- Views: 21750
Re: Failing to decode IPv6 addresses
It doesnt look like you have a decoder for that application:
**Phase 2: Completed decoding.
No decoder matched.
Without a decoder, OSSEC doesnt know what each field means.
**Phase 2: Completed decoding.
No decoder matched.
Without a decoder, OSSEC doesnt know what each field means.
- Tue Sep 08, 2020 3:53 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Support CentOS 8?
- Replies: 9
- Views: 52933
Re: Support CentOS 8?
EL8 is officially supported.
- Tue Jun 16, 2020 4:10 pm
- Forum: OSSEC
- Topic: ossec-remoted not binding to ipv4?
- Replies: 13
- Views: 115676
Re: ossec-remoted not binding to ipv4?
The 4.0 RPMs are available here:
https://updates.atomicorp.com/channels/ossec-hub-repo/
And the 4.2.x RPMs are available here:
https://updates.atomicorp.com/channels/awp-hub-repo/
https://updates.atomicorp.com/channels/ossec-hub-repo/
And the 4.2.x RPMs are available here:
https://updates.atomicorp.com/channels/awp-hub-repo/
- Mon Jun 08, 2020 5:03 pm
- Forum: OSSEC
- Topic: ossec-remoted not binding to ipv4?
- Replies: 13
- Views: 115676
Re: ossec-remoted not binding to ipv4?
OK, I see whats going on, your system is using the old 3.x open source branch, there a bug in the branch for remoted. You'll want to upgrade to the 4.x branch.
- Wed Jun 03, 2020 3:46 pm
- Forum: OSSEC
- Topic: ossec-remoted not binding to ipv4?
- Replies: 13
- Views: 115676
Re: ossec-remoted not binding to ipv4?
I have the version which was installed using the instructions from my initial post. How do I find from the command-line what version is installed? Just query the operating system software management system, for example: rpm -qa ossec* For example: [mshinn@threat ~]$ rpm -qa ossec* ossec-hids-4.2.2-...
- Mon Jun 01, 2020 5:22 pm
- Forum: Firewall Help and Discussion
- Topic: PCI Scanner Whitelist IP Range
- Replies: 1
- Views: 21114
Re: PCI Scanner Whitelist IP Range
You can whitelist a CIDR or IP by running this command as root:
asl -w 1.2.3.0/24
And on v6:
awp -w 1.2.3.0/24
asl -w 1.2.3.0/24
And on v6:
awp -w 1.2.3.0/24
- Mon Jun 01, 2020 5:20 pm
- Forum: OSSEC
- Topic: ossec-remoted not binding to ipv4?
- Replies: 13
- Views: 115676
Re: ossec-remoted not binding to ipv4?
Are you using the open source OSSEC only? And if so, what version? Understood, however, shouldn't the service run on both protocols, or at least be binding to IPv4 in the first instance as still the standard? I'm not sure I understand, remoted will run on both protocols at the same time. It will not...
- Thu May 28, 2020 3:56 pm
- Forum: OSSEC
- Topic: ossec-remoted not binding to ipv4?
- Replies: 13
- Views: 115676
Re: ossec-remoted not binding to ipv4?
Does ossec-remoted not bind to IPv4 by default? It runs on IPv4 too, for example: [root@host ~]# netstat -anupl | grep ossec-remoted udp 0 0 0.0.0.0:1514 0.0.0.0:* 11174/ossec-remoted [root@host ~]# However, if an IPv4 interface wasnt plumbed when the service was started, then you would only see it...
- Wed May 27, 2020 5:10 pm
- Forum: OSSEC
- Topic: ossec-remoted not binding to ipv4?
- Replies: 13
- Views: 115676
Re: ossec-remoted not binding to ipv4?
Assuming the agent is trying to connect to the remoted service running on an IPv4 IP, no it doesnt look like you have ossec-remoted running on an IPv4 address. Is the hub system plumbed with an IPv4 address? Alternatively you can use IPv6. If so, what happens if you restart the ossec-hids service? P...
- Fri May 15, 2020 2:40 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Support CentOS 8?
- Replies: 9
- Views: 52933
Re: Support CentOS 8?
I'm not sure if Plesk makes the rules available in some other way, but if they provided you with a username and password you can just log into our rules archive with those credentials and download the rules.
- Thu May 14, 2020 5:14 pm
- Forum: Atomicorp Modsecurity Rules Support
- Topic: Support CentOS 8?
- Replies: 9
- Views: 52933
Re: Support CentOS 8?
You can however install the rules on your server outside of Plesk, just follow this process:
https://wiki.atomicorp.com/wiki/index.p ... stallation
https://wiki.atomicorp.com/wiki/index.p ... stallation