Category Archives: Security

How to Find Server Public IP Address in Linux Terminal

root@test:/var/log/nginx# wget -qO - icanhazip.com
www.xxx.yyy.zzz
root@test:/var/log/nginx# wget -qO- http://ipecho.net/plain | xargs echo
www.xxx.yyy.zzz
root@test:/var/log/nginx# wget -qO - icanhazip.com
www.xxx.yyy.zzz
root@test:/var/log/nginx# curl icanhazip.com
www.xxx.yyy.zzz
root@test:/var/log/nginx#

An appropriate representation of the requested resource /wp-admin/options-permalink.php could not be found on this server.

Not Acceptable

An appropriate representation of the requested resource /wp/wp-admin/options-permalink.php could not be found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I was getting the error below; I believe it is to do with mod_security.

I tested this by putting the entry below in my .htaccess, but unfortunately it does not work for me, so I raised a support ticket and had it disabled by the hosting provider.

<IfModule mod_security.c>
  SecFilterEngine Off
</IfModule>

You sure can do it manually. I am trying to find out why the page is blank too, but in the meantime I have manually altered the setting in PHPMyAdmin.

1. Go into PHPMyAdmin
2. In the sidebar on the left select wp_options
3. Go to Page number: 2
4. Click the pencil on the line with permalink_structure
5. In the big box next to option_value, input /%postname%

OSSEC v2.0 commands

ossec-reportd is a program to create reports from OSSEC alerts. ossec-reportd accepts alerts on stdin, and outputs a report on stderr.

Note

Since ossec-reportd outputs to stderr, some utilities like less will not work unless you redirect the output. End the ossec-reportd command with 2>&1 to redirect stderr to stdout; more or less can then be used easily.

ossec-reportd argument options

-h

Display the help message

-f <filter> <value>

Filter the results.

-r <filter> <value>

Show related entries.

-n <string>

Create a description for the report.

-s

Show the alerts related to the summary.

ossec-reportd example usage

Example 1: Show Successful Logins

# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f group authentication_success

Example 2: Show Alerts Level 10 and Greater

# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f level 10

Example 3: Show the srcip for all users

# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f group authentication -r user srcip

Example 4: Show Changed files as reported by Syscheck

# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f group syscheck -r location filename

Example output

# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd 2>&1 | more

2011/07/11 21:01:36 ossec-reportd: INFO: Started (pid: 1444).

2011/07/11 21:01:41 ossec-reportd: INFO: Report completed. Creating output...

Report completed. ==

------------------------------------------------

->Processed alerts: 17

->Post-filtering alerts: 17

->First alert: 2011 Jul 11 00:00:46

->Last alert: 2011 Jul 11 00:16:52

……………………………………………………………………………

…………………………………………………………………………………………………….

In case you have not had a chance to check it out, OSSEC v2.0 added a command-line “reporting” tool. It is great for checking whether agents, syslog, etc. are actually making it into OSSEC|OSSIM without having to install the web GUI on OSSIM.

Note: These commands are from the OSSEC tutorial but I have made a change in the path to the ossec-reportd binary:

_________________________________________________________

Show all IP addresses/users that logged in during the day

cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -n "Logins summary" -f group authentication_success

_________________________________________________________

Show all IP addresses/users that logged in during the day and the related srcips and locations for each user

cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -n "Logins summary" -f group authentication_success -r user srcip -r user location

_________________________________________________________

Show all multiple authentication failures (brute force attacks)

cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -n "Failures summary" -f group authentication_failures

_________________________________________________________

Show a summary for the month (or day) <July 2009>

zcat /var/ossec/logs/alerts/2009/Jul/*.gz | /var/ossec/bin/ossec-reportd -n "Month Summary"
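
The user-to-srcip relation that the "-r user srcip" reports above summarise can be cross-checked straight from alerts.log when a report looks empty or suspicious. The script below is an added example, not part of the OSSEC tutorial or of the original post; it assumes the multi-line alert layout shown in its constructed sample, and the function names user_srcip and sample_alerts are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes the multi-line alerts.log layout used in the
# constructed sample below; function names are hypothetical.

# user_srcip GROUP: read alerts on stdin, print "user srcip count" for
# alerts whose group list contains GROUP (exact name match).
user_srcip() {
    awk -v grp="$1" '
        function emit() {
            if (hit && user != "" && ip != "") n[user " " ip]++
            user = ""; ip = ""; hit = 0
        }
        /^\*\* Alert / {            # header: "** Alert <id>: - g1,g2,"
            emit()                  # close the previous alert first
            sub(/^[^-]*- /, "")     # keep only the group list
            hit = index("," $0, "," grp ",") > 0
            next
        }
        hit && /^Src IP: / { ip = $3 }
        hit && /^User: /   { user = $2 }
        END { emit(); for (k in n) print k, n[k] }
    ' | LC_ALL=C sort
}

# Constructed sample input (not real log data).
sample_alerts() {
    cat <<'EOF'
** Alert 1310342446.100: - syslog,sshd,authentication_success,
2011 Jul 11 00:00:46 host1->/var/log/auth.log
Rule: 5715 (level 3) -> 'SSHD authentication success.'
Src IP: 192.0.2.10
User: alice

** Alert 1310342500.200: - syslog,sshd,authentication_failed,
Src IP: 198.51.100.7
User: root

** Alert 1310342600.300: - syslog,sshd,authentication_success,
Src IP: 192.0.2.10
User: alice

** Alert 1310342700.400: - syslog,sshd,authentication_success,
Src IP: 203.0.113.5
User: bob
EOF
}

# On a server: user_srcip authentication_success < /var/ossec/logs/alerts/alerts.log
```

A user who appears with a source address that the ossec-reportd summary does not list, or the other way round, is worth checking against the raw alert entries.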