by mikeshinn
Wed Nov 18, 2020 12:16 pm
Forum: OpenVAS
Topic: openvas-scanner-7.0.0-9465.el7.art.x86_64: install failed
Replies: 1
Views: 89129

Re: openvas-scanner-7.0.0-9465.el7.art.x86_64: install faile

Could you post the full output of the yum command?
by mikeshinn
Mon Nov 09, 2020 5:00 pm
Forum: OpenVAS
Topic: where is config id in openvas
Replies: 2
Views: 22348

Re: where is config id in openvas

Could you explain a little more about what you want to change?
by mikeshinn
Fri Nov 06, 2020 5:11 pm
Forum: OSSEC
Topic: Failing to decode IPv6 addresses
Replies: 5
Views: 21750

Re: Failing to decode IPv6 addresses

What I mean is that there seems to be a bug BEFORE the decoders are selected. The IP address is located before the log text itself, so it's not a matter of decoder here, but about the parser that separates the line into the fields that are later processed by the decoders. The parser is the deco...
by mikeshinn
Fri Sep 25, 2020 10:54 am
Forum: OSSEC
Topic: Failing to decode IPv6 addresses
Replies: 5
Views: 21750

Re: Failing to decode IPv6 addresses

I think I understand where you might be having trouble. Think of decoders as translators, so even though a log might be going through a decoder, if it doesn't understand the log message it won't translate it correctly. You need the right decoder for that specific log format, even if it's coming from the s...
by mikeshinn
Tue Sep 15, 2020 4:21 pm
Forum: OSSEC
Topic: Failing to decode IPv6 addresses
Replies: 5
Views: 21750

Re: Failing to decode IPv6 addresses

It doesn't look like you have a decoder for that application:

**Phase 2: Completed decoding.
No decoder matched.

Without a decoder, OSSEC doesn't know what each field means.
by mikeshinn
Tue Sep 08, 2020 3:53 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: Support CentOS 8?
Replies: 9
Views: 52933

Re: Support CentOS 8?

EL8 is officially supported.
by mikeshinn
Tue Jun 16, 2020 4:10 pm
Forum: OSSEC
Topic: ossec-remoted not binding to ipv4?
Replies: 13
Views: 115676

Re: ossec-remoted not binding to ipv4?

The 4.0 RPMs are available here:

https://updates.atomicorp.com/channels/ossec-hub-repo/

And the 4.2.x RPMs are available here:

https://updates.atomicorp.com/channels/awp-hub-repo/
by mikeshinn
Mon Jun 08, 2020 5:03 pm
Forum: OSSEC
Topic: ossec-remoted not binding to ipv4?
Replies: 13
Views: 115676

Re: ossec-remoted not binding to ipv4?

OK, I see what's going on, your system is using the old 3.x open source branch, there's a bug in the branch for remoted. You'll want to upgrade to the 4.x branch.
by mikeshinn
Wed Jun 03, 2020 3:46 pm
Forum: OSSEC
Topic: ossec-remoted not binding to ipv4?
Replies: 13
Views: 115676

Re: ossec-remoted not binding to ipv4?

I have the version which was installed using the instructions from my initial post. How do I find from the command-line what version is installed? Just query the operating system software management system, for example: rpm -qa ossec* For example: [mshinn@threat ~]$ rpm -qa ossec* ossec-hids-4.2.2-...
by mikeshinn
Mon Jun 01, 2020 5:22 pm
Forum: Firewall Help and Discussion
Topic: PCI Scanner Whitelist IP Range
Replies: 1
Views: 21114

Re: PCI Scanner Whitelist IP Range

You can whitelist a CIDR or IP by running this command as root:

asl -w 1.2.3.0/24

And on v6:

awp -w 1.2.3.0/24
by mikeshinn
Mon Jun 01, 2020 5:20 pm
Forum: OSSEC
Topic: ossec-remoted not binding to ipv4?
Replies: 13
Views: 115676

Re: ossec-remoted not binding to ipv4?

Are you using the open source OSSEC only? And if so, what version? Understood, however, shouldn't the service run on both protocols, or at least be binding to IPv4 in the first instance as still the standard? I'm not sure I understand, remoted will run on both protocols at the same time. It will not...
by mikeshinn
Thu May 28, 2020 3:56 pm
Forum: OSSEC
Topic: ossec-remoted not binding to ipv4?
Replies: 13
Views: 115676

Re: ossec-remoted not binding to ipv4?

Does ossec-remoted not bind to IPv4 by default? It runs on IPv4 too, for example: [root@host ~]# netstat -anupl | grep ossec-remoted udp 0 0 0.0.0.0:1514 0.0.0.0:* 11174/ossec-remoted [root@host ~]# However, if an IPv4 interface wasn't plumbed when the service was started, then you would only see it...
by mikeshinn
Wed May 27, 2020 5:10 pm
Forum: OSSEC
Topic: ossec-remoted not binding to ipv4?
Replies: 13
Views: 115676

Re: ossec-remoted not binding to ipv4?

Assuming the agent is trying to connect to the remoted service running on an IPv4 IP, no it doesn't look like you have ossec-remoted running on an IPv4 address. Is the hub system plumbed with an IPv4 address? Alternatively you can use IPv6. If so, what happens if you restart the ossec-hids service? P...
by mikeshinn
Fri May 15, 2020 2:40 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: Support CentOS 8?
Replies: 9
Views: 52933

Re: Support CentOS 8?

I'm not sure if Plesk makes the rules available in some other way, but if they provided you with a username and password you can just log into our rules archive with those credentials and download the rules.
by mikeshinn
Thu May 14, 2020 5:14 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: Support CentOS 8?
Replies: 9
Views: 52933

Re: Support CentOS 8?

You can however install the rules on your server outside of Plesk, just follow this process:

https://wiki.atomicorp.com/wiki/index.p ... stallation