Search found 1685 matches
- Wed Jul 11, 2018 4:43 pm
- Forum: Requests
- Topic: ClamAV 0.100.1
- Replies: 3
- Views: 14637
Re: ClamAV 0.100.1
ASL systems using any version of the ASL kernel are already immune to these vulnerabilities, and for at least one of them they only affect Windows systems running clamav. So if you're using the ASL kernel, you are immune.
- Fri Jul 06, 2018 3:06 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 78233
Re: ASL Web Errors
OK, so that would mean OSSEC isn't failing and restarting. But just in case the log file was rotated and it did fail for some reason, let's expand that grep to include all your log files: zgrep ERROR /var/ossec/logs/ossec.log* | egrep -iv "diff|queue" As for the email error, that means your ...
- Fri Jul 06, 2018 1:52 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 78233
Re: ASL Web Errors
Let's see if OSSEC is restarting for expected reasons (rule updates), or if it's having some problem that caused it to stop running. Do you see any errors in this log file:
grep ERROR /var/ossec/logs/ossec.log | egrep -iv "diff|queue"
- Thu Jun 21, 2018 5:01 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 78233
Re: ASL Web Errors
(502) ASLW::_test_ossec - An OSSEC component is not running:....
What errors do you see in /var/ossec/logs/ossec.log
- Thu Jun 21, 2018 4:02 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 78233
Re: ASL Web Errors
That just means the system was temporarily unable to connect to the update servers. You can ignore it.
- Tue Jun 19, 2018 4:15 pm
- Forum: Anti-Spam Help and Discussion
- Topic: clamav rules
- Replies: 3
- Views: 9946
Re: clamav rules
This is expected if the system does not have a valid license.
- Fri Jun 01, 2018 2:53 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 78233
Re: ASL Web Errors
Two things could cause those processes to stop: 1) system ran out of drive space 2) another error caused a shutdown. In the case of 2 (an error caused a shut down), that would be logged in /var/ossec/logs/ossec.log. If the system didn't run out of drive space or inodes, what errors do you see in /var/...
- Thu May 31, 2018 3:27 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 78233
Re: ASL Web Errors
Which of those troubleshooting steps addressed this for you?
- Tue May 29, 2018 4:41 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: ASL Web Errors
- Replies: 28
- Views: 78233
Re: ASL Web Errors
That means all of OSSEC is shut down. Generally this can happen if ASL has been configured to disable OSSEC or if something has removed or replaced OSSEC. To address this, follow this process: https://wiki.atomicorp.com/wiki/index.php/ASL_error_messages#Command_executed:_.2Fsbin.2Fservice_ossec-hids_...
- Tue May 29, 2018 4:38 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Spectre variants 3A and 4
- Replies: 2
- Views: 16284
Re: Spectre variants 3A and 4
3A isn't relevant for servers. For Spectre 4, yes, the latest 4.14 kernel contains mitigations against Spectre v4. GRKERNSEC_BPF_HARDEN is enough to avoid Spectre V4 attacks via eBPF; in other cases the mitigations are controlled by both a boot-time option as well as a per-process prctl(). Microcode up...
- Mon May 07, 2018 7:18 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: iptables blocking everything
- Replies: 3
- Views: 17569
Re: iptables blocking everything
So what I see from that output is that the only rules that you've selected that would block anything outbound are the third party and user custom blacklists. Those rules will also log anything they block (unless logging has been disabled, but the default is to log everything). What events do you see ...
- Thu Apr 26, 2018 3:22 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Google Cloud and plesk
- Replies: 8
- Views: 22430
Re: Google Cloud and plesk
OK, so that means that part of plesk is trying to violate the memory protection model the kernel has established to prevent code injection attacks. I'm guessing they need to be able to allow code injection, in which case you will need to disable that protection for Plesk: service sw-engine stop paxc...
- Thu Apr 26, 2018 3:10 pm
- Forum: Atomic Protector (formerly ASL)
- Topic: Event 1002 - dominate event
- Replies: 14
- Views: 27768
Re: Event 1002 - dominate event
Yeah, the password is used in the yum configuration, and it doesn't handle metacharacters very well, even when encoded. It's a limitation of the software management system in Linux unfortunately.
- Mon Apr 16, 2018 3:58 pm
- Forum: Security Alerts
- Topic: Intel CPU flaw
- Replies: 13
- Views: 43543
Re: Intel CPU flaw
All of the Meltdown and Spectre mitigations were available in the last 4.4.x release (we've since retired 4.4.x and moved to 4.14.x tree). That last version is 4.4.109. We do recommend upgrading to the 4.14.x kernel as it contains significant performance enhancements over the 4.4.x kernels. All of t...
- Fri Apr 06, 2018 8:49 am
- Forum: Atomic Protector (formerly ASL)
- Topic: Event 1002 - dominate event
- Replies: 14
- Views: 27768
Re: Event 1002 - dominate event
You just need to set these to your license manager username and password in the ASL gui. If you're having trouble doing that, just let us know and we'd be happy to help you with that. https://wiki.atomicorp.com/wiki/index.php/ASL_Configuration#USERNAME https://wiki.atomicorp.com/wiki/index.php/ASL_C...