mikeshinn
- Total activity 63
- Last activity
- Member since
- Following 1 user
- Followed by 2 users
- Votes 7
- Subscriptions 29
Articles
Recent activity by mikeshinn Sort by recent activity-
Agents Disconnected from HUB
If the agent is already registered with the hub, please follow the troubleshooting steps in this article Step 1) Confirm the process ossec-remoted process is running on the hub, and listening on ...
-
ossec-agentd: WARNING: (1404): Authentication error. Wrong key or corrupt payload. Message received from agent
This message when found on an agent can mean one of two things: 1. The agent is temporarily unable to connect to the hub. 2. The agent has the wrong key, or the key has been deleted or been oth...
-
rootcheck: ERROR: No rootcheck_trojans file: '/var/ossec/etc/shared/rootkit_trojans.txt'
This message can be safely ignored. This is a legacy feature in Atomic OSSEC and Atomic Protector and is no longer used. Atomic OSSEC and Atomic Protector have an advanced antimalware system and...
-
Creating a custom cronjob on the OSSEC server
Step 1: Open a text editor on your system. On Windows notepad is a good text editor, on a Linux based system we recommend either vi or gedit. You will add your cronjob script to this file. For e...
-
Geoblock Countries in ASL 5
To block access from specific countries to a system, log into the ASL GUI and click on the ASL option on the left hand side of the GUI. Then click "Blocking" and select the GeoBlocking option. Th...
-
ModSecurity: Multipart parsing error
Example: Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 1.2.3.4 ModSecurity: Multipart parsing error (init): Multipart: Boundary not found in C-T. [hostname "etax14.ird.gov.hk"]...
-
How can I copy an ASL config to a new server?
Copy the configuration file to the new system From a system with ASL already installed, copy this file: /etc/asl/config On the new system, take the copied config file and paste it in the following...
-
Request body no files data length is larger than the configured limit
The request has exceeded the locally configured limit for this setting for modsecurity: WAF_SECREQUESTBODYNOFILESLIMIT Increase the limit as needed for your user case. To change this limit for the...
-
Request body (Content-Length) is larger than the configured limit
This means that the maximum request body size ModSecurity will accept has been exceeded. The limit is configured in bits. For example: 1 gigabit is 134217728 1 gigabyte is 1073741824 (or 8 ti...
-
Rule execution error - PCRE limits exceeded (-8): (null).
This message means that the locally configured internal limit was been exceeded in modsecurity. This limit is used to prevent a special type of DOS attack on the WAF itself. This is not caused by...