https://wiki.atomicorp.com/wiki/index.php?title=HIDS_30155&feed=atom&action=historyHIDS 30155 - Revision history2024-03-28T10:29:37ZRevision history for this page on the wikiMediaWiki 1.20.2https://wiki.atomicorp.com/wiki/index.php?title=HIDS_30155&diff=4356&oldid=prevMshinn at 20:51, 2 January 20142014-01-02T20:51:37Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 20:51, 2 January 2014</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 13:</td>
<td colspan="2" class="diff-lineno">Line 13:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Disabling this rule will have no effect on Apache returning a non-existent file error.  Disabling this rule will simply cause ASL to no longer report when this occurs.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Disabling this rule will have no effect on Apache returning a non-existent file error.  Disabling this rule will simply cause ASL to no longer report when this occurs.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>ASL will also not shun on this event, so there is no effect on the end user.  The default threshold to trip this rule is 25 non-existent file accesses in 60 seconds.  Multiple accesses to non-existent files may indicate an attacker is attempting to find a vulnerable piece of software, or other sensitive information on the system.  We not recommend you disable this rule.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">'''</ins>ASL will also not shun on this event, so there is no effect on the end user.<ins class="diffchange diffchange-inline">''' </ins> The default threshold to trip this rule is 25 non-existent file accesses in 60 seconds.  Multiple accesses to non-existent files may indicate an attacker is attempting to find a vulnerable piece of software, or other sensitive information on the system.  We not recommend you disable this rule.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
</table>Mshinnhttps://wiki.atomicorp.com/wiki/index.php?title=HIDS_30155&diff=4355&oldid=prevMshinn at 20:51, 2 January 20142014-01-02T20:51:15Z<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 20:51, 2 January 2014</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 9:</td>
<td colspan="2" class="diff-lineno">Line 9:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>= Description =</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>= Description =</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>ASL is reporting that a client has attempted to access a non-existent file, or files, multiple times via Apache.  ASL does not cause this event, nor does it control this, it simply reports when Apache reports that this has happened.</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>ASL is reporting that a client has attempted to access a non-existent file, or files, <ins class="diffchange diffchange-inline">'''</ins>multiple times via Apache<ins class="diffchange diffchange-inline">'''</ins>.  ASL does not cause this event, nor does it control this, it simply reports when Apache reports that this has happened.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Disabling this rule will have no effect on Apache returning a non-existent file error.  Disabling this rule will simply cause ASL to no longer report when this occurs.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Disabling this rule will have no effect on Apache returning a non-existent file error.  Disabling this rule will simply cause ASL to no longer report when this occurs.</div></td></tr>
</table>Mshinnhttps://wiki.atomicorp.com/wiki/index.php?title=HIDS_30155&diff=3187&oldid=prevMshinn: Created page with "{{Infobox |header1= Rule 30155 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Multiple attempts to access a non-existent file }} = Description = ASL is re..."2013-02-16T18:56:17Z<p>Created page with "{{Infobox |header1= Rule 30155 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Multiple attempts to access a non-existent file }} = Description = ASL is re..."</p>
<p><b>New page</b></p><div>{{Infobox<br />
|header1= Rule 30155<br />
|label2 = Status<br />
|data2 = Active<br />
|label3 = Alert Message<br />
|data3 = Multiple attempts to access a non-existent file<br />
}}<br />
<br />
= Description =<br />
<br />
ASL is reporting that a client has attempted to access a non-existent file, or files, multiple times via Apache. ASL does not cause this event, nor does it control this, it simply reports when Apache reports that this has happened.<br />
<br />
Disabling this rule will have no effect on Apache returning a non-existent file error. Disabling this rule will simply cause ASL to no longer report when this occurs.<br />
<br />
ASL will also not shun on this event, so there is no effect on the end user. The default threshold to trip this rule is 25 non-existent file accesses in 60 seconds. Multiple accesses to non-existent files may indicate an attacker is attempting to find a vulnerable piece of software, or other sensitive information on the system. We not recommend you disable this rule.<br />
<br />
<br />
= Troubleshooting =<br />
<br />
== False Positives ==<br />
<br />
None. <br />
<br />
If you do not wish to be alerted to these events, simply disable the rule. This will have no effect on Apaches behavior, it simply means ASL will no longer report this event.<br />
<br />
== Tuning Guidance ==<br />
<br />
To configure the firewall to allow connections to this port, please see the [[ASL firewall]] documentation page.<br />
<br />
= Additional Information =<br />
<br />
== Similar Rules ==<br />
<br />
None.<br />
<br />
== Knowledge Base Articles== <br />
<br />
None.<br />
<br />
== Outside References == <br />
<br />
None.<br />
<br />
== Notes ==</div>Mshinn