mikeshinn
- Total activity 123
- Last activity
- Member since
- Following 1 user
- Followed by 2 users
- Votes 10
- Subscriptions 62
Activity overview
Latest activity by mikeshinn-
mikeshinn created an article,
Audit health check couldn't be completed correctly.
This means that the auditd service is not running on the system. Audit health checks can not be performed if auditd is not running. FIM events will also be missing whodata with auditd not running...
-
mikeshinn created an article,
ossec-modulesd:vulnerability-detector: WARNING: (12345): There was no valid response to
Examples: Jan 1 11:11:11 s27 env: 2018/1/1 11:11:11 ossec-modulesd:vulnerability-detector: WARNING: (5489): There was no valid response to 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2010.m...
-
mikeshinn created an article,
Agents not sending events to hub
If the agent is already registered with the hub, please follow the troubleshooting steps in this article: Step 1) Confirm the process ossec-remoted process is running on the hub, and listening on p...
-
mikeshinn created an article,
Cannot determine user of subject (polkit-error-quark, 0)
If you are seeing this information message when running the ASL kernel: ** (pkttyagent:4775): WARNING **: 17:36:11.999: Unable to register authentication agent: GDBus.Error:org.freedesktop.Policy...
-
mikeshinn created an article,
Kernel firewall messages are displayed on console
Some Linux distributions (e.g. Redhat, Centos) send kernel warnings directly to the systems console. For example, these distributions may send to the console firewall log events (e.g. iptables, ip...
-
mikeshinn created an article,
agent_control: ERROR: (1210): Queue '/queue/alerts/ar' not accessible: 'Connection refused'.
If you are seeing errors like this: 2020/01/08 21:57:10 agent_control: ERROR: (1210): Queue '/queue/alerts/ar' not accessible: 'Connection refused'. Or 2020/01/08 21:57:10 agent_control: ERROR: (13...
-
mikeshinn created an article,
Geoblock countries
To block access from specific countries to a system, simply log into the ASL/AWP GUI and click on the ASL/AWP option on the left hand side of the GUI. Then click "Blocking" and select the GeoBlock...
-
mikeshinn created an article,
Fix rpmdb: Thread died in Berkeley DB library
If you see rpmdb errors during package management (during yum/dnf/rpm operations) like this: rpmdb: Thread/process 10605/3765405599488 failed: Thread died in Berkeley DB lib rary error: db3 error(-...
-
mikeshinn created an article,
ossec-analysisd: ERROR: Invalid integrity message in the database.
To address this ERROR run this command as the root user on the OSSEC hub: /var/ossec/bin/syscheck_update -a Then restart OSSEC with this command: service ossec-hids restart
-
mikeshinn created an article,
Can't connect to MySQL server
For example, if you get an error like this: ''ERROR 2003 (HY000): Can't connect to MySQL server on '127.0.0.1' (111)'' This means that OSSEC can not connect to mysql. OSSEC, a component in ASL, use...