mikeshinn

Audit health check couldn't be completed correctly.

1. Atomic OSSEC
2. Self Help

This means that the auditd service is not running on the system.  Audit health checks can not be performed if auditd is not running.  FIM events will also be missing whodata with auditd not running...

• mikeshinn
• May 04, 2021 20:24
• Updated
• 1 follower
• 0 comments
• 0 votes

ossec-modulesd:vulnerability-detector: WARNING: (12345): There was no valid response to

1. Atomic OSSEC
2. Self Help

Examples: Jan 1 11:11:11 s27 env: 2018/1/1 11:11:11 ossec-modulesd:vulnerability-detector: WARNING: (5489): There was no valid response to 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2010.m...

• mikeshinn
• May 04, 2021 20:24
• Updated
• 1 follower
• 0 comments
• 1 vote

Agents not sending events to hub

1. Atomic OSSEC
2. Self Help

If the agent is already registered with the hub, please follow the troubleshooting steps in this article: Step 1) Confirm the process ossec-remoted process is running on the hub, and listening on p...

• mikeshinn
• March 29, 2021 13:33
• Updated
• 1 follower
• 0 comments
• 0 votes

ossec-remoted: CRITICAL: (1206): Unable to Bind port '1514' due to [(98)-(Address already in use)]

1. Atomic OSSEC
2. Self Help

This message means that the ossec-remoted service is already running.  If you are starting this service manually, for example with this command: /var/ossec/bin/ossec-remoted -f Do not start the OSS...

• mikeshinn
• May 04, 2021 20:24
• Updated
• 1 follower
• 0 comments
• 0 votes

Cannot determine user of subject (polkit-error-quark, 0)

1. ASL 5.5
2. Self-help

If you are seeing this information message when running the ASL kernel:   ** (pkttyagent:4775): WARNING **: 17:36:11.999: Unable to register authentication agent: GDBus.Error:org.freedesktop.Policy...

• mikeshinn
• May 27, 2020 11:33
• Updated
• 3 followers
• 2 comments
• 1 vote

Kernel firewall messages are displayed on console

1. General
2. FAQ

Some Linux distributions (e.g. Redhat, Centos) send kernel warnings directly to the systems console.  For example, these distributions may send to the console firewall log events (e.g. iptables, ip...

• mikeshinn
• April 22, 2020 18:46
• Updated
• 1 follower
• 0 comments
• 0 votes

agent_control: ERROR: (1210): Queue '/queue/alerts/ar' not accessible: 'Connection refused'.

1. Atomic OSSEC
2. Self Help

If you are seeing errors like this: 2020/01/08 21:57:10 agent_control: ERROR: (1210): Queue '/queue/alerts/ar' not accessible: 'Connection refused'. Or 2020/01/08 21:57:10 agent_control: ERROR: (13...

• mikeshinn
• May 22, 2020 19:59
• Updated
• 1 follower
• 0 comments
• 0 votes

Geoblock Countries in ASL 5

1. ModSecurity
2. Configuration

To block access from specific countries to a system, log into the ASL GUI and click on the ASL option on the left hand side of the GUI.  Then click "Blocking" and select the GeoBlocking option.  Th...

• mikeshinn
• June 22, 2021 16:28
• Updated
• 1 follower
• 0 comments
• 0 votes

Fix rpmdb: Thread died in Berkeley DB library

1. ASL 5.5
2. Self-help

If you see rpmdb errors during package management (during yum/dnf/rpm operations) like this: rpmdb: Thread/process 10605/3765405599488 failed: Thread died in Berkeley DB lib rary error: db3 error(-...

• mikeshinn
• November 14, 2019 18:57
• Updated
• 2 followers
• 1 comment
• 1 vote

ossec-analysisd: ERROR: Invalid integrity message in the database.

1. Atomic OSSEC
2. Self Help

To address this ERROR run this command as the root user on the OSSEC hub: /var/ossec/bin/syscheck_update -a Then restart OSSEC with this command: service ossec-hids restart  

• mikeshinn
• September 06, 2019 19:01
• Updated
• 1 follower
• 0 comments
• 1 vote