mikeshinn

  • Total activity 125
  • Following 1 user
  • Followed by 2 users
  • Votes 10
  • Subscriptions 63

Activity overview

Latest activity by mikeshinn
  • mikeshinn created an article,

    Audit health check couldn't be completed correctly.

    This means that the auditd service is not running on the system. Audit health checks cannot be performed if auditd is not running. FIM events will also be missing whodata with auditd not running...

  • mikeshinn created an article,

    ossec-modulesd:vulnerability-detector: WARNING: (12345): There was no valid response to

    Examples: Jan 1 11:11:11 s27 env: 2018/1/1 11:11:11 ossec-modulesd:vulnerability-detector: WARNING: (5489): There was no valid response to 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2010.m...

  • mikeshinn created an article,

    Agents not sending events to hub

    If the agent is already registered with the hub, please follow the troubleshooting steps in this article: Step 1) Confirm the ossec-remoted process is running on the hub, and listening on p...

  • mikeshinn created an article,

    ossec-remoted: CRITICAL: (1206): Unable to Bind port '1514' due to [(98)-(Address already in use)]

    This message means that the ossec-remoted service is already running.  If you are starting this service manually, for example with this command: /var/ossec/bin/ossec-remoted -f Do not start the OSS...

  • mikeshinn created an article,

    Cannot determine user of subject (polkit-error-quark, 0)

    If you are seeing this information message when running the ASL kernel:   ** (pkttyagent:4775): WARNING **: 17:36:11.999: Unable to register authentication agent: GDBus.Error:org.freedesktop.Policy...

  • mikeshinn created an article,

    Kernel firewall messages are displayed on console

    Some Linux distributions (e.g. Red Hat, CentOS) send kernel warnings directly to the system's console. For example, these distributions may send to the console firewall log events (e.g. iptables, ip...

  • mikeshinn created an article,

    agent_control: ERROR: (1210): Queue '/queue/alerts/ar' not accessible: 'Connection refused'.

    If you are seeing errors like this: 2020/01/08 21:57:10 agent_control: ERROR: (1210): Queue '/queue/alerts/ar' not accessible: 'Connection refused'. Or 2020/01/08 21:57:10 agent_control: ERROR: (13...

  • mikeshinn created an article,

    Geoblock Countries in ASL 5

    To block access from specific countries to a system, log into the ASL GUI and click on the ASL option on the left-hand side of the GUI. Then click "Blocking" and select the GeoBlocking option.  Th...

  • mikeshinn created an article,

    Fix rpmdb: Thread died in Berkeley DB library

    If you see rpmdb errors during package management (during yum/dnf/rpm operations) like this: rpmdb: Thread/process 10605/3765405599488 failed: Thread died in Berkeley DB library error: db3 error(-...

  • mikeshinn created an article,

    ossec-analysisd: ERROR: Invalid integrity message in the database.

    To address this ERROR run this command as the root user on the OSSEC hub: /var/ossec/bin/syscheck_update -a Then restart OSSEC with this command: service ossec-hids restart