Search found 1685 matches

by mikeshinn
Wed Jul 11, 2018 4:43 pm
Forum: Requests
Topic: ClamAV 0.100.1
Replies: 3
Views: 14637

Re: ClamAV 0.100.1

ASL systems using any version of the ASL kernel are already immune to these vulnerabilities, and for at least one of them they only affect Windows systems running clamav. So if you're using the ASL kernel, you are immune.
by mikeshinn
Fri Jul 06, 2018 3:06 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 78233

Re: ASL Web Errors

OK, so that would mean OSSEC isn't failing and restarting. But just in case the log file was rotated and it did fail for some reason, let's expand that grep to include all your log files: zgrep ERROR /var/ossec/logs/ossec.log* | egrep -iv "diff|queue" As for the email error, that means your ...
by mikeshinn
Fri Jul 06, 2018 1:52 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 78233

Re: ASL Web Errors

Let's see if OSSEC is restarting for expected reasons (rule updates), or if it's having some problem that caused it to stop running. Do you see any errors in this log file:

grep ERROR /var/ossec/logs/ossec.log | egrep -iv "diff|queue"
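The check described in this reply and in the later one that extends it to rotated logs, written out as a small script. This is an added example, not code from the forum posts or from Atomicorp: it walks every ossec.log* copy (plain or gzipped), keeps only ERROR lines, and drops the "diff" and "queue" noise the replies say to ignore. The log directory and the sample log lines are constructed for the demo; on a real ASL host you would point it at /var/ossec/logs.

```shell
#!/bin/sh
# Added example (not from the forum posts): find real OSSEC errors across the
# live log and its rotated/compressed copies, minus "diff"/"queue" noise.
# Sample log content below is constructed for this demo, not captured from a
# real system.

# ossec_errors DIR
#   Prints ERROR lines from DIR/ossec.log, DIR/ossec.log.1, DIR/ossec.log.2.gz, ...
#   excluding lines that mention "diff" or "queue" (case-insensitive).
ossec_errors() {
    dir="$1"
    for f in "$dir"/ossec.log*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.gz) gzip -dc "$f" ;;   # rotated and compressed copy
            *)    cat "$f" ;;        # live log or uncompressed rotation
        esac
    done | grep ERROR | grep -i -v -E 'diff|queue'
}

# ossec_error_count DIR -> number of real ERROR lines across all copies
ossec_error_count() {
    ossec_errors "$1" | wc -l | tr -d ' '
}

# make_sample_logs DIR -> writes constructed sample logs into DIR
# (illustrative lines only; the format mimics OSSEC's "date daemon: LEVEL: msg").
make_sample_logs() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/ossec.log" <<'EOF'
2018/07/06 14:01:02 ossec-analysisd: INFO: Started (pid: 2431).
2018/07/06 14:01:02 ossec-syscheckd: ERROR: Queue '/queue/ossec/queue' not accessible: 'Connection refused'.
2018/07/06 14:03:10 ossec-logcollector(1103): ERROR: Unable to open file '/var/log/secure'.
EOF
    cat > "$dir/ossec.log.1" <<'EOF'
2018/07/05 03:15:44 ossec-syscheckd: ERROR: Diff file too large, skipping /etc/hosts
2018/07/05 03:15:45 ossec-maild: INFO: Started (pid: 2488).
EOF
    printf '%s\n' "2018/07/04 22:40:00 ossec-remoted(1206): ERROR: Unable to bind port '1514'." \
        | gzip -c > "$dir/ossec.log.2.gz"
}

# Stand-alone run: build the sample tree in a temp dir and report what is left
# after filtering. With the sample above that is the two lines about
# /var/log/secure and port 1514; the queue and diff lines are dropped.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_sample_logs "$tmp"
    echo "Real OSSEC errors found: $(ossec_error_count "$tmp")"
    ossec_errors "$tmp"
    rm -rf "$tmp"
fi
```

Run it with `--demo` to see the filtered output; on a live system call `ossec_errors /var/ossec/logs` instead. A non-empty result is what the replies are asking you to look at; the queue and diff lines are routine and would only pad the output.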
by mikeshinn
Thu Jun 21, 2018 5:01 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 78233

Re: ASL Web Errors

(502) ASLW::_test_ossec - An OSSEC component is not running:....
what errors do you see in

/var/ossec/logs/ossec.log
by mikeshinn
Thu Jun 21, 2018 4:02 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 78233

Re: ASL Web Errors

That just means the system was temporarily unable to connect to the update servers. You can ignore it.
by mikeshinn
Tue Jun 19, 2018 4:15 pm
Forum: Anti-Spam Help and Discussion
Topic: clamav rules
Replies: 3
Views: 9946

Re: clamav rules

This is expected if the system does not have a valid license.
by mikeshinn
Fri Jun 01, 2018 2:53 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 78233

Re: ASL Web Errors

Two things could cause those processes to stop: 1) system ran out of drive space 2) another error caused a shutdown In the case of 2 (an error caused a shut down), that would be logged in /var/ossec/logs/ossec.log. If the system didn't run out of drive space or inodes, what errors do you see in /var/...
by mikeshinn
Thu May 31, 2018 3:27 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 78233

Re: ASL Web Errors

Which of those troubleshooting steps addressed this for you?
by mikeshinn
Tue May 29, 2018 4:41 pm
Forum: Atomic Protector (formerly ASL)
Topic: ASL Web Errors
Replies: 28
Views: 78233

Re: ASL Web Errors

That means all of OSSEC is shut down, generally this can happen if ASL has been configured to disable OSSEC or if something has removed or replaced OSSEC. To address this follow this process: https://wiki.atomicorp.com/wiki/index.php/ASL_error_messages#Command_executed:_.2Fsbin.2Fservice_ossec-hids_...
by mikeshinn
Tue May 29, 2018 4:38 pm
Forum: Atomic Protector (formerly ASL)
Topic: Spectre variants 3A and 4
Replies: 2
Views: 16284

Re: Spectre variants 3A and 4

3A isn't relevant for servers; for Spectre 4, yes, the latest 4.14 kernel contains mitigations against Spectre v4. GRKERNSEC_BPF_HARDEN is enough to avoid Spectre V4 attacks via eBPF, in other cases the mitigations are controlled by both a boot-time option as well as a per-process prctl(). Microcode up...
by mikeshinn
Mon May 07, 2018 7:18 pm
Forum: Atomic Protector (formerly ASL)
Topic: iptables blocking everything
Replies: 3
Views: 17569

Re: iptables blocking everything

So what I see from that output is that the only rules that you've selected that would block anything outbound are the third party and user custom blacklists. Those rules will also log anything they block (unless logging has been disabled, but the default is to log everything). What events do you see ...
by mikeshinn
Thu Apr 26, 2018 3:22 pm
Forum: Atomic Protector (formerly ASL)
Topic: Google Cloud and plesk
Replies: 8
Views: 22430

Re: Google Cloud and plesk

OK, so that means that part of plesk is trying to violate the memory protection model the kernel has established to prevent code injection attacks. I'm guessing they need to be able to allow code injection, in which case you will need to disable that protection for Plesk: service sw-engine stop paxc...
by mikeshinn
Thu Apr 26, 2018 3:10 pm
Forum: Atomic Protector (formerly ASL)
Topic: Event 1002 - dominate event
Replies: 14
Views: 27768

Re: Event 1002 - dominate event

Yeah, the password is used in the yum configuration, and it doesn't handle metacharacters very well, even when encoded. It's a limitation of the software management system in Linux unfortunately.
by mikeshinn
Mon Apr 16, 2018 3:58 pm
Forum: Security Alerts
Topic: Intel CPU flaw
Replies: 13
Views: 43543

Re: Intel CPU flaw

All of the Meltdown and Spectre mitigations were available in the last 4.4.x release (we've since retired 4.4.x and moved to 4.14.x tree). That last version is 4.4.109. We do recommend upgrading to the 4.14.x kernel as it contains significant performance enhancements over the 4.4.x kernels. All of t...
by mikeshinn
Fri Apr 06, 2018 8:49 am
Forum: Atomic Protector (formerly ASL)
Topic: Event 1002 - dominate event
Replies: 14
Views: 27768

Re: Event 1002 - dominate event

You just need to set these to your license manager username and password in the ASL gui. If you're having trouble doing that, just let us know and we'd be happy to help you with that. https://wiki.atomicorp.com/wiki/index.php/ASL_Configuration#USERNAME https://wiki.atomicorp.com/wiki/index.php/ASL_C...