Atomicorp

Yeah curl error code 6 is saying it cant resolve the hostname, https://curl.se/libcurl/c/libcurl-errors.html

DNS problem maybe?

Missing rules?

We havent looked at that one yet, but we support Rocky Linux 8 now

Nothing like that, just that when you change the key you have to restart the agent, otherwise its using the older key still. So next take a look in /var/ossec/etc/internal_options.conf and enable the debug settings for remoted. You can do the same on the agent side for agentd, and then see if the ou...

OK so at this point (correct me if any of these arent validated) 1. Key: Probably OK, unless theres a transcribing error. 2. remoted is listening on port UDP 1514 3. agent traffic is confirmed to be reaching the server on UDP 1514 Never connected is a state you'd get only if initial session packet d...

So the SCL packaging system in RHEL/Rocky/Centos allows multiple installations of PHP concurrently so you could still have different options in the environment.

Otherwise PHP 5.4.x is maintained by redhat on RHEL/Centos 7 until june 2024

Ok thats good, it could be the key. A good way to provision those is to use the ossec-authd service on the server, and the agent-auth client from the agent. Otherwise you could manually do it using manage_agents

Yeah I think by default virtualbox doesn't let you communicate with the guest VM from the host system

That would only be able to control the dst port, the src port is something you have to control from the IP stack in the OS.

You can set the ephemeral port range in linux with sysctl or /proc:

https://tldp.org/LDP/solrhe/Securing-Op ... sec70.html

Interface just hasnt updated yet, give it a bit and that will go away.

See if its running with:

ps ax |grep ossec

No, we havent used that file in more than 5 years. What version of ossec are you running?

Reset the FIM db with:

1)
rm -f /var/ossec/queue/syscheck/*

2)
service ossec-hids restart

Try upgrading to the branch from the atomic repo, we just added Kali support yesterday:

wget -q -O - https://updates.atomicorp.com/installers/atomic | bash

then run openvas-setup

Atomicorp

Search found 6203 matches

Re: oum update ERROR: Download failed with ERROR (6)

Re: Installation Start issue Fedora 3.6.0-19869.fc34.art

Re: AlmaLinux support

Re: Ossec Agent stays in Never connected state

Re: Ossec Agent stays in Never connected state

Re: PHP 5.6 end of support

Re: How do I connect OSSEC Server and Client together in Virtualbox?

Re: How do I connect OSSEC Server and Client together in Virtualbox?

Re: OSSEC Agent specific port instead of random port

Re: OSSEC Agent specific port instead of random port

Re: ASL Web Errors

Re: ASL Web Errors

Re: ASL Web Errors

Re: ASL Web Errors

Re: Openvas scanner not working