mikeshinn
- Total activity 132
- Last activity
- Member since
- Following 1 user
- Followed by 2 users
- Votes 10
- Subscriptions 66
Articles
Recent activity by mikeshinn Sort by recent activity-
ASL Installation Pre-requisites
Introduction Atomic Secured Linux, or ASL for short, is a powerful security suite that will be analyzing actions of your system in real time. For it to work correctly it will need a properly tuned...
-
ModSecurity: Multipart parsing error
Example: Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 1.2.3.4 ModSecurity: Multipart parsing error (init): Multipart: Boundary not found in C-T. [hostname "etax14.ird.gov.hk"]...
-
OSSEC is using a lot of drive space
OSSEC is using a lot of drive space Discussion OSSEC can report what changed in a file, and can keep a record of all the changes that have occured with that file. It will keep these "diffs" in...
-
How can I copy an ASL config to a new server?
Copy the configuration file to the new system From a system with ASL already installed, copy this file: /etc/asl/config On the new system, take the copied config file and paste it in the following...
-
Request body no files data length is larger than the configured limit
The request has exceeded the locally configured limit for this setting for modsecurity: WAF_SECREQUESTBODYNOFILESLIMIT Increase the limit as needed for your user case. To change this limit for the...
-
Request body (Content-Length) is larger than the configured limit
This means that the maximum request body size ModSecurity will accept has been exceeded. The limit is configured in bits. For example: 1 gigabit is 134217728 1 gigabyte is 1073741824 (or 8 ti...
-
Rule execution error - PCRE limits exceeded (-8): (null).
This message means that the locally configured internal limit was been exceeded in modsecurity. This limit is used to prevent a special type of DOS attack on the WAF itself. This is not caused by...
-
Geoblock Countries in ASL 5
To block access from specific countries to a system, log into the ASL GUI and click on the ASL option on the left hand side of the GUI. Then click "Blocking" and select the GeoBlocking option. Th...
-
ossec-remoted: CRITICAL: (1206): Unable to Bind port '1514' due to [(98)-(Address already in use)]
This message means that the ossec-remoted service is already running. If you are starting this service manually, for example with this command: /var/ossec/bin/ossec-remoted -f Do not start the OSS...
-
ossec-modulesd:vulnerability-detector: WARNING: (12345): There was no valid response to
Examples: Jan 1 11:11:11 s27 env: 2018/1/1 11:11:11 ossec-modulesd:vulnerability-detector: WARNING: (5489): There was no valid response to 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2010.m...