mikeshinn

Activity overview

Latest activity by mikeshinn
  • mikeshinn created an article:

    Audit health check couldn't be completed correctly.

    This means that the auditd service is not running on the system. Audit health checks cannot be performed if auditd is not running. FIM events will also be missing whodata with auditd not running...

  • mikeshinn created an article:

    ossec-modulesd:vulnerability-detector: WARNING: (12345): There was no valid response to

    Examples: Jan 1 11:11:11 s27 env: 2018/1/1 11:11:11 ossec-modulesd:vulnerability-detector: WARNING: (5489): There was no valid response to 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2010.m...

  • mikeshinn created an article:

    Agents not sending events to hub

    If the agent is already registered with the hub, please follow the troubleshooting steps in this article: Step 1) Confirm the ossec-remoted process is running on the hub, and listening on p...

  • mikeshinn created an article:

    Cannot determine user of subject (polkit-error-quark, 0)

    If you are seeing this informational message when running the ASL kernel: ** (pkttyagent:4775): WARNING **: 17:36:11.999: Unable to register authentication agent: GDBus.Error:org.freedesktop.Policy...

  • mikeshinn created an article:

    Kernel firewall messages are displayed on console

    Some Linux distributions (e.g. Red Hat, CentOS) send kernel warnings directly to the system's console. For example, these distributions may send to the console firewall log events (e.g. iptables, ip...

  • mikeshinn created an article:

    agent_control: ERROR: (1210): Queue '/queue/alerts/ar' not accessible: 'Connection refused'.

    If you are seeing errors like this: 2020/01/08 21:57:10 agent_control: ERROR: (1210): Queue '/queue/alerts/ar' not accessible: 'Connection refused'. Or 2020/01/08 21:57:10 agent_control: ERROR: (13...

  • mikeshinn created an article:

    Geoblock countries

    To block access from specific countries to a system, simply log into the ASL/AWP GUI and click on the ASL/AWP option on the left-hand side of the GUI. Then click "Blocking" and select the GeoBlock...

  • mikeshinn created an article:

    Fix rpmdb: Thread died in Berkeley DB library

    If you see rpmdb errors during package management (during yum/dnf/rpm operations) like this: rpmdb: Thread/process 10605/3765405599488 failed: Thread died in Berkeley DB library error: db3 error(-...

  • mikeshinn created an article:

    ossec-analysisd: ERROR: Invalid integrity message in the database.

    To address this ERROR, run this command as the root user on the OSSEC hub: /var/ossec/bin/syscheck_update -a Then restart OSSEC with this command: service ossec-hids restart

  • mikeshinn created an article:

    Can't connect to MySQL server

    For example, if you get an error like this: "ERROR 2003 (HY000): Can't connect to MySQL server on '127.0.0.1' (111)" This means that OSSEC cannot connect to MySQL. OSSEC, a component in ASL, use...