Search found 1691 matches

by mikeshinn
Mon May 04, 2020 12:41 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: Support CentOS 8?
Replies: 9
Views: 53424

Re: Support CentOS 8?

We can't speak for Plesk, they may have their own process for installing and configuring modsecurity, but modsecurity rules are not platform dependent. Simply load the rules into modsecurity on whatever platform you are using and they'll work.
by mikeshinn
Mon May 04, 2020 12:39 pm
Forum: Atomicorp Free Modsecurity Rules
Topic: BUG: ModSecurity kills posting in this forum?!
Replies: 3
Views: 24492

Re: BUG: ModSecurity kills posting in this forum?!

Certainly, the supported rules provide a lot more information and support is provided for any issues the same day the issue is reported, updates for false positives for example are provided the same day they are reported, our goal is to provide any update within an hour.
by mikeshinn
Sat May 02, 2020 4:38 pm
Forum: Atomicorp Free Modsecurity Rules
Topic: BUG: ModSecurity kills posting in this forum?!
Replies: 3
Views: 24492

Re: BUG: ModSecurity kills posting in this forum?!

It looks like you're using the unsupported free rules, is that correct?
by mikeshinn
Sat May 02, 2020 4:37 pm
Forum: Atomicorp Modsecurity Rules Support
Topic: Support CentOS 8?
Replies: 9
Views: 53424

Re: Support CentOS 8?

The rules are supported on any platform that supports modsecurity, that includes CentOS 8.
by mikeshinn
Wed Apr 01, 2020 6:22 pm
Forum: OSSEC
Topic: ossec-Maild High CPU Utilization
Replies: 1
Views: 9425

Re: ossec-Maild High CPU Utilization

Can you put ossec-maild into debug mode and share what's happening when it's using an unusually high amount of CPU?
by mikeshinn
Wed Mar 11, 2020 5:43 pm
Forum: Atomic Protector (formerly ASL)
Topic: error duing asl -s scan
Replies: 5
Views: 45744

Re: error duing asl -s scan

That means these options are disabled in ASL/AWP:

Advanced Malware Removal Ruleset: off [MODERATE] https://wiki.atomicorp.com/wiki/index.php/ASL_WAF#MODSEC_98_ADV_REDACTOR
Just In Time Patches: off [HIGH] https://wiki.atomicorp.com/wiki/index.php/ASL_WAF#MODSEC_99_JITP
Basic Malware Removal Ruleset:...
by mikeshinn
Tue Mar 10, 2020 11:18 am
Forum: Atomic Protector (formerly ASL)
Topic: error duing asl -s scan
Replies: 5
Views: 45744

Re: error duing asl -s scan

So this error: 2 9901 ASLCommon::cmd_exec ERROR: '(1) /usr/sbin/apachectl -t 2>&1 >/dev/null -- httpd: Syntax error on line 1 of /etc/httpd/conf/httpd.conf: Syntax error on line 3 of /etc/httpd/conf.d/00_mod_security.conf: Cannot load modules/mod_security2.so into server: /etc/httpd/modules/mod_...
by mikeshinn
Mon Mar 02, 2020 5:53 pm
Forum: Requests
Topic: ClamAV 0.102.2
Replies: 2
Views: 38455

Re: ClamAV 0.102.2

Unfortunately 0.102.x isn't supported on el6/7; it requires a version of the curl api that's not available for those platforms (which is also why epel doesn't have updates to 1.102.x either). clamav has basically abandoned el6/7 with this choice. clamav 1.102.x is going to need to be re-written in those...
by mikeshinn
Tue Nov 12, 2019 5:22 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL - Logs
Replies: 1
Views: 35562

Re: ASL - Logs

WAF events are logged concurrently to the event data repository with one per event and are stored by default in this location on the system:

/var/asl/data/audit/apache
by mikeshinn
Wed Sep 25, 2019 3:23 pm
Forum: OSSEC
Topic: Long messages being truncated when sent using syslog_output.
Replies: 10
Views: 17398

Re: Long messages being truncated when sent using syslog_out

Ah, OK, so that sounds like you're just using the open source builds? If so, then you need to grab the latest source code and build from that; the binary you're using is quite old and it looks like you're using 3.0, whereas the source tree has patches for the upcoming 4.0 release. If you're using the comme...
by mikeshinn
Tue Sep 17, 2019 4:35 pm
Forum: OSSEC
Topic: Long messages being truncated when sent using syslog_output.
Replies: 10
Views: 17398

Re: Long messages being truncated when sent using syslog_out

That's pretty old, I don't think we've put out a version of AEO using a version of OSSEC that old. Can you send me the version number for AEO with this command:

asl -v
by mikeshinn
Wed Sep 11, 2019 10:35 am
Forum: OSSEC
Topic: Long messages being truncated when sent using syslog_output.
Replies: 10
Views: 17398

Re: Long messages being truncated when sent using syslog_out

Sorry if I wasn't clear, the latest version of AEO has no limit. What version of AEO is the hub using?

Just run this command:

asl -v
by mikeshinn
Fri Sep 06, 2019 8:41 am
Forum: OSSEC
Topic: Local installation version VS Agentless Server installation
Replies: 1
Views: 7676

Re: Local installation version VS Agentless Server installat

They're basically the same thing. You may want to disable some services that are used just with agents, like remoted, but otherwise a standalone instance is an ossec server as opposed to an agent.
by mikeshinn
Tue Aug 20, 2019 6:58 pm
Forum: OSSEC
Topic: Long messages being truncated when sent using syslog_output.
Replies: 10
Views: 17398

Re: Long messages being truncated when sent using syslog_out

Yes, the latest version of AEO allows for setting effectively an unlimited limit, just make sure you're using the latest version of AEO.
by mikeshinn
Thu Jul 18, 2019 1:29 pm
Forum: OSSEC
Topic: How to extract IP from Log
Replies: 4
Views: 10025

Re: How to extract IP from Log

What version of OSSEC are you using?