Cloudron works great with Wazuh/Ossec agent

Just wanted to report that, I installed Wazuh/ossec agent on my cloudron server to grab logs and send to a security onion. I've been running it alongside the Cloudron now for a while. I've been getting alerts, logs sent back etc. Everything is going well. So if you want a HIDS on your Cloudron server, Wazuh works.

@d19dotca I used the qualys vulnerability scanner community edition. You need to create an qualys account and use the actual vulnerability scanner. Also if you are running a firewall, you may have to unblock the qualys IP if it auto blocks it when it attempts various "scans' like checking for heartbleed etc. you can sign up for here https://www.qualys.com/community-edition/

I've tried element/matrix and now rocket.chat. I find rocket.chat to be lightyears easier on administration/moderation then matrix. Admin rocket.chat is borderline enjoyable. Admin matrix was not. Additionally, the users i've talked to about ease of use (caveat only about 10) all preferred rocket hands down to element. Lastly, Rocket has the dankest GIFS.

I recently ran some vulnerability tests via qualys against my cloudron setup and im showing a vulnerability with the 993 using tls 1.0. I thought 1.0 was disabled by cloudron? Is this a false alarm? IF not, is there an easy way to force tls 1.2 only?

@girish sir

BTW, I apologize for not using your dedicated vulnerability reporting method.

1. I just read up on it
2. I really thought it was due to a settings misconfiguration part on my end and a false alarm as well. I was initially just looking for Guidance on fixing what I set up wrong. In the future if it's vulnerability concerned, I'll use your reporting mechanisms.

I've tried sendgrid and mailgun. 1. They were both similiar in ease to configure. 2. Mailgun seems like a better deal for those not using a massive amount of emails a month.

Just wanted to report that, I installed Wazuh/ossec agent on my cloudron server to grab logs and send to a security onion. I've been running it alongside the Cloudron now for a while. I've been getting alerts, logs sent back etc. Everything is going well. So if you want a HIDS on your Cloudron server, Wazuh works.

I could really really use this.
If u couple this with an ability to divert searx traffic to the VPN this would be a huge benefit towards at least partial anonymous searching.

@girish my Ossec agent first picked up the log , then I started watching it and very soon after reboot it will throw that warning and get oom killed.

@girish yeah server has plenty of memory. I have vault installed but I'm not actually using it yet so I'm unsure of why it's running out of memory. It's definitely getting oom killed though. I get the warning and it shows up in logs. Could it have a memory leak?
Weird thing is it seems to not eat up any server memory just I guess wgats assigned to its container? I still have plenty of free, and cache . Like multi gb worth.

I've tried element/matrix and now rocket.chat. I find rocket.chat to be lightyears easier on administration/moderation then matrix. Admin rocket.chat is borderline enjoyable. Admin matrix was not. Additionally, the users i've talked to about ease of use (caveat only about 10) all preferred rocket hands down to element. Lastly, Rocket has the dankest GIFS.

I've tried sendgrid and mailgun. 1. They were both similiar in ease to configure. 2. Mailgun seems like a better deal for those not using a massive amount of emails a month.

Does cloudron use the vault process? If so has anyone else noticed that process running out of memory and getting killed by oom? Im getting a "memory cgroup out of memory" warning then process (vault) always getting killed.

@girish agreed.

@girish sir

BTW, I apologize for not using your dedicated vulnerability reporting method.

1. I just read up on it
2. I really thought it was due to a settings misconfiguration part on my end and a false alarm as well. I was initially just looking for Guidance on fixing what I set up wrong. In the future if it's vulnerability concerned, I'll use your reporting mechanisms.

Hey, glad I could be of service. Thanks for the quick replies and thankfully, its quickly remedied.