I am attempting to ignore an ossec rule for an alert that is triggered from a certain host. Rule 5401 exists in the syslog_rules.xml file:
<rule id="5401" level="10">
<if_sid>5400</if_sid>
<match>3 incorrect password attempts</match>
<description>Three failed attempts to run sudo</description>
</rule>
If this rule is triggered, a level 10 alert level is generated, along with an email
I want to add an exception to this rule in the local_rules.xml file, where if the hostname that sends the alert is ip-10-XX-XX-XX, no email alert will be generated. I have been able to create this rule in local_rules.xml:
<rule id="10040" level="0">
<if_sid>5401</if_sid>
<match>myUserName</match>
<description>List of rules to be ignored.</description>
</rule>
And when rule 5401 is triggered by myUserName, no alert is generated. According to ossec documentation, I should be able to replace the match argument with:
<hostname>ip-10-XX-XX-XX</hostname>
However this has been unsuccessful, and an email alert still generates when I trigger rule 5401
Related
I'm getting the following error when I try to run the powershell script generated by Azure Devops to config my deployment group. How do I fix this.
"The remote server returned an error: (407) Proxy Authentication Required."
It looks like you're behind an authenticating proxy. Powershell isn't great at handling them - some PS commands use the system proxy, some don't. There's several ways of working around it though if you search for that specific issue.
You could try this added to your script (just insert at the start of the script), which takes your current credential/proxy and passes it to the any web requests:
[System.Net.WebRequest]::DefaultWebProxy = [System.Net.WebRequest]::GetSystemWebProxy()
[System.Net.WebRequest]::DefaultWebProxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
These types of messages are not unique to anything with Azure. It's purely an environmental network issue, that you must implement in your code.
Similar posts have been asked here...
The remote server returned an error: (407) Proxy Authentication Required
... but they actually showed what their code looks like when making a request ...
myProxy.Credentials = NetworkCredential("user", "password", "domain");
<system.net>
<defaultProxy enabled="true" useDefaultCredentials="true">
<bypasslist>
<clear />
</bypasslist>
<proxy proxyaddress="myproxy:9000"
usesystemdefault="false"
bypassonlocal="true"
autoDetect="False" />
</defaultProxy>
</system.net>
... whereas you are not. I point you back to the SO rules in my comment.
So, see that SO, to determine if anything in that thread helps you.
Checking the powershell script, you can find it calls .\config.cmd --deploymentgroup ....
So, you can edit it to specify proxy information:
./config.cmd --proxyurl xxx --proxyusername "myuser" --proxypassword "mypass" --deploymentgroup ...
More information: Run a self-hosted agent behind a web proxy
I have a separate rest module named 'x' where I have used spring security with basic auth filter(username and password) in complete module therefore any request hitting this rest services should be logged-in but I have one page for forgot password where I am mapping in the same x module due to this auth filter I am unable to proceed. If I am logged in and going to this page and using the services of x module then its working fine but not in case of logged out users.
I tried these thing for not working
<http pattern="/forgotpass" security="none"/>
<intercept-url pattern="/forgotPassword" access="permitAll"/>
<intercept-url pattern="/forgotPassword" filter="none"/>
--> access="permitAll" does not work since it does permit all url but still it will authenticate with filter
and filter="none" is depricated not even able to start my jar when I put this thing.
security="none" gives 403 forbidden error sometimes or internal server error since I was changing the pattern "rest/forgotPassword" or "forgotPassword".
I resolved my problem by myself.
It was sequence that was having problem with.
I was using <intercept-url pattern="/forgotPassword" access="isAnonymous()"/>
after this <intercept-url pattern="/**" access="hasAuthority('USER')" />
I just order the line by putting "/forgotPassword" url on top of "/**"
Reason: It was overriding the request pattern in sequence it came first therefore it didnt allow to pass because role was missing in forgotpassword
Using the 301 Redirect Module for Sitecore 7, I'm having a problem establishing the proper Requested Expression and Source values to use in the Sitecore Redirect Module. I have an example url that is typically getting request that I want redirected to the home page of the site.
The example url requests all contain excite.com at the end of the URL:
https://www.example.com/products/foods/apples/excite.com
https://www.example.com/products/foods/oranges/excite.com
https://www.example.com/products/foods/pears/excite.com
I would like these requests that contain excite.com at the end to be redirected to the home page (https://www.example.com) but I can't for the life of me figure this out.
I haven't used the 301 Redirect Module but have used similar modules. There are 2 issues that need resolving.
You need to create a redirect using the Pattern Match Redirect. The regex you need is "match any request that ends with /excite.com"
.*(/excite.com)$
The other issue is that Sitecore is seeing the .com part of the url as an extension and then filtering the request. You need to add com to the list of Allowed extensions.
<configuration xmlns:patch="http://www.sitecore.net/xmlconfig/">
<sitecore>
<preprocessRequest>
<processor type="Sitecore.Pipelines.PreprocessRequest.FilterUrlExtensions, Sitecore.Kernel">
<param desc="Allowed extensions (comma separated)">aspx, ashx, asmx, com</param>
</processor>
</preprocessRequest>
</pipelines>
</sitecore>
</configuration>
All that said, if you are using the IIS Rewrite module then you could just add a rule in there which will get resolved and redirect before you even hit the Sitecore pipelines and therefore you do not need to worry about the allowed extensions filter.
<rules>
<rule name="Redirect excite.com" stopProcessing="true">
<match url=".*(/excite.com)$" />
<action type="Redirect" url="https://{HTTP_HOST}" appendQueryString="false" />
</rule>
</rules>
Change the regex to (excite.com)$|.*(/excite.com)$ if you also want it to match http://ww.example.com/excite.com
We are releasing a new version of our Web app and in the process doing a branding change with a new domain also.
Both our apps are hosted in Azure.
Current App - Cloud Service
New App - Azure Website
What I want to achieve is redirect any old links from the old domain to the new domain while keeping the url portion.
Example:
User visits
https://my.currentdomain.com/any/link
and will be directed to
https://my.newdomain.io/any/link
Do I do a CNAME from currentdomain to newdomain and then a URL Rewrite in my web.config??
Thanks!
Update - I've test this locally and it does what I'm looking for. I'll just point the cname of the old domain to the new domain and this redirect should pick up the links.
<rule name="Redirect to new domain" stopProcessing="true">
<match url="^(.*)$" />
<conditions>
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^olddomain(:\d+)?$" />
</conditions>
<action type="Redirect" url="https://my.newdomain.io/{R:1}" redirectType="Permanent" />
</rule>
The fact that you host your application in Azure has minimal to no impact on the solution you are going to find.
When you do such things, you usually want to also keep all the credits that you have in the search engines. And you can only achieve that if your https://my.current.domain.com/any/link does a HTTP 301 Redirect Permanent to the new location.
Depending on the size and complexity of your project this can be a trivial task or not so easy.
One option, which is valid only if you want to redirect few (like a dozen) links. You can do that directly in your Web.Config file:
<location path="any/link">
<system.webServer>
<httpRedirect enabled="true" destination="https://my.newdomain.io/any/link" httpResponseStatus="Permanent" />
</system.webServer>
</location>
This of course makes no sense when you have a bunch of links, or even a whole CMS behind the scenes. If this is the case, I would opt-in for writing a custom HTTP Module for IIS. This module will have the sole purpose of inspecting the incoming URI and either let it further, or generate HTTP 301 redirect.
If you are using the latest and the greatest from Microsoft, the same (custom HTTP Module) can be achieved with a custom OWIN Middleware.
If it is just domain change, all paths and query strings are to be kept, check out this good article how can you do this with URL Rewrite under IIS.
add this code to your header file:
<script type="text/javascript">
// Get Current URL
var url = window.location.href;
// Replace domain in URL
var newurl = url.replace("olddomain.com", "newdomain.com");
// Redirect to new URL
document.location = newurl;
</script>
I am new to DataPower.
I have created Multi Protocol Gateway (MPG) and create a processing policy with 3 rules.
1) Request Rule
2) Response Rule
3) Error Rule
All rules are having '*' in the matching action.
Whenever I am getting 'http 500' error with soap fault. Process to go to Error rule. Response rule is getting executed.
Is there any thing I have to change in matching action for response rule.
I have tried to change the sequence of rules in policy.
You have to turn off 'Process Backend Errors' under 'Advanced' tab for MPG.
if it is on, Response rule process the errors also