I have read about Centralized configuration in Wazuh.
But can the rules be enabled/disabled in server instead of changing in all servers ?
I found answer here..
Within the ossec model, the agents have no information about rules
whatsoever. So, if
you need to modify a rule, you need to do it on the server side.
How do you do it? If you have a rule like that (from our FAQ):
` <group name="local">
<rule id="100101" level="0">
<if_sid>123, 456</if_sid>
<match>xyz</match>
<description>Events ignored</description>
</rule>
</group>
`
But you only want it to apply to one agent, you need to use the "hostname" tag
to limit it to the agents you want:
<group name="local">
<rule id="100101" level="0">
<if_sid>123, 456</if_sid>
<match>xyz</match>
<hostname>agent1|agent2</hostname>
<description>Events ignored</description>
</rule>
</group>
Hope it helps.
*http://www.ossec.net/wiki/index.php/Know_How:Ignore_Rules
Related
I developed a website locally using "localhost" and created all the site links, buttons, etc using a relative path structure. My server code is written in Node.js/Express. I am also using .ejs for a template engine...therefore all my server webpages are in a folder called "views/pages".
Using this structure, for example, I have a button with a link coded as:
Enter Site
On my development 'localhost' machine this was sufficient to call the '_landing' route in my server script which would then render the proper page to be served...without any difficulty. The server code would read something like this:
app.get('/', function (req, res) {
res.render('pages/_splash');
});
app.get('/_landing', function(req, res) {
res.render('pages/_landing', {user_stat: _subscriber});
});
Now I have uploaded my site files to a Windows server using Plesk software. The site files and folders are located in a directory named "httpdocs". It now seems my relative path links are broken. Using the button link above again as an example for some reason it now wants to route to "https://example.com/_landing"...which is obviously not correct. Why does it seem the relative path now seems to ignore the route call in Node.js...?
Any advice greatly appreciated, I am having extreme difficulty posting my site online due to a myriad of undocumented problems like this...posting a request to my server support will be useless since they do not respond to "coding issues". I thank you in advance.
For anybody that may be interested after several weeks I was able to determine the problem here. I eventually enlisted Plesk support in an effort to solve this issue. It was confirmed to me by a Plesk technician that my described issue was caused by a bug in the Plesk software platform.
The solution to resolve the bug was to insert some additional code in the 'web.config' file as follows:
<rewrite>
<rules>
<remove name="startup-file for site #1" />
<rule name="startup-file for site #1">
<match url="/*" />
<conditions />
<serverVariables />
<action type="Rewrite" url="/test2.js" />
</rule>
</rules>
</rewrite>
This code is to appear in the 'web.config' file AFTER "/httpErrors" AND WITHIN "/system.webServer"...the 'test2.js' should be set to the JS script file for your domain.
Microsoft claims CORS can be enabled using the CORS module of IIS on a single file (point #1 see reference).
https://learn.microsoft.com/en-us/iis/extensions/cors-module/cors-module-configuration-reference
How can this be done? I don't see anything restricting the rules by site or file.
Does anyone know where the DTD for this module is? I can figure it out if I have the specification.
Thanks Lex li!
An example of how to do this is below:
<location path="myFile.json">
<system.webServer>
<cors enabled="true">
<add origin="https://*.myDomain.com">
<allowHeaders allowAllRequestedHeaders="true">
</allowHeaders>
</add>
</cors>
</system.webServer>
</location>
Obviously you can add other CORS attributes in the middle as you see fit, but this solves the "location" part of my issue.
Just would like provide a GUI way to set cors,
You could go to IIS manager ->site node->content view->select the file you want to set CORS->switch back to feature view.
Now you will see the file in your site node.You can go to configuration manager and set CORS module via web.config.
I've got a .NET Web API 2 application, I've hooked up the api to send me a file id and from there I get the unique file from the server.
Example:
Download
I need it to be a unique id since there could be multiples of the file in the repo. However, when I try to click the download button I get a :
HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
I was thinking a re-write rule might be a good action, but I dont really want to rewrite it, i just want to allow anything /api/attachment no matter what the rest.
I've already got one rewrite rule since my page is a single-page-application to direct responses to the Default.cshtml like:
<rewrite>
<rules>
<rule name="Default" stopProcessing="true">
<match url="^(?!Lib|api|Assets|Views|Directives|Services|Controllers|signalr).*" />
<action type="Rewrite" url="Default.cshtml" />
</rule>
</rules>
</rewrite>
any thoughts on best way to achieve this?
I was able to resolve by creating an iframe and setting the src to the download like:
$("body").append('<iframe name="downloadFrame" id="download_iFrame" style="display:none;" src="" />');
and then in the C# I set the header like:
result.Content.Headers.ContentType = new MediaTypeHeaderValue("application/octet-stream");
result.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment");
Is there a way to prevent user accessing ANY page of application directly from particular page after log in using only JSF/Seam 2 navigation rules in pages.xml.
The aim - is to force user change password if it is expired. I considered something like following snippet ("user" - is a Seam #Name bean):
<page view-id="/editUserPwd.xhtml">
<navigation>
<rule if="#{user.changeRequestedToUser}">
<redirect view-id="/editUserPwd.xhtml"/>
</rule>
</navigation>
</page>
Thanks in advance
You almost got it...
<page view-id="*">
<navigation>
<rule if="#{identity.isLoggedIn() and user.passwordExpiredFlag}">
<redirect view-id="/editUserPwd.xhtml"/>
</rule>
</navigation>
</page>
I've developed a custom grid control that uses data-* attributes to configure how the grid is supposed to work (in a similar vein to how Bootstrap data API components work. For a particular deployment, I'm having to proxy my web application into another web application using IIS and Application Request Routing (ARR) + URL Rewrite. The proxying part is all done, I'm currently trying to configure the outbound rules for rewriting urls to match. For instance, I currently have rules set up such as:
Rewrite HTTP redirects by updating the Location: header.
Rewrite Html content for URIs in standard tags (e.g., A, Area, base, etc.)
Rewrite Css content for URI's that are relative (e.g. /cassette.axd -> /blog/cassette.axd).
The last issue I am having, is getting the URL rewrite module to accept my urls in data attributes, e.g., if my grid is such like:
<table data-grid data-query="/api/users/">
Should be rewritten as
<table data-grid data-query="/blog/api/users/">
I stress that all other tags, such as <a href and <img src work as expected and even a custom <property value tag is correctly rewritten. Just seems to by hypenated attributes.
I've tried adding a <customTags> section, with my custom tags in:
<customTags>
<tags name="Bootgrid">
<tag name="table" attribute="data-query" />
<tag name="table" attribute="data-update" />
<!-- This next tag WORKS -->
<tag name="property" attribute="value" />
</tags>
</customTags>
However, the above is not matching any attributes that have a hyphen. Not sure if this is actually solvable or not because I can't see anything in IIS configuration to set these.
Also annoyingly once you've created a set of Custom Tags in IIS, you can't seem to edit them again. :-/
I had the same issue, and it appears (although not confirmed by Microsoft) that IIS cannot handle a custom tag that contains a -
A work around that worked for me was to use another outbound Rule. In this example I am attempting to replace the data-zoom-image attribute within an img tag (You will need to replace the <img with <table and data-zoom-image with data-query in both the "match" and "action"
<rule name="RewriteRelativePathsCustomTags1" preCondition="IsHtml" enabled="true">
<match filterByTags="None" pattern="<img ([^>]*)data-zoom-image="(.*?)"([^>]*)>" />
<action type="Rewrite" value="<img {R:1}data-zoom-image="YOUR VALUE TO REWRITE i.e /blog{R:2}"{R:3}>" />
</rule>
<preConditions>
<preCondition name="IsHtml">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
</preConditions>
Hope this helps
ARR on IIS seems to have issues with tags that include attributes with a dash (-) in them.
Updating to v3.0.1952 seems to have solved the issue for me, but I'm still investigating.
Rather belated, but this was fixed back in 2015 in the Release To Web version (2.0.1952):
IMPORTANT - Changes in this release
Windows 10 and Windows Server 2016 Support - It is now possible to install URL Rewrite Module 2.0 on Windows 10 or Windows Server 2016 with this release
Custom attributes containing dashes are now supported. This is required as HTML 5 has the following rules for determining HTML attribute names: http://www.w3.org/TR/html-markup/syntax.html#syntax-attributes
Incorporates Hotfix for URL Rewrite 2.0 (June 2014) as in KB2974666