Tag Archive: windows


OSSEC Agent Fails to start


Recently I was adding the OSSEC agent to a Windows 2008 R2 machine and ran into an issue where the agent was failing to start, saying [check config!]. Well, I had never changed the config, so there should not be anything wrong with it. After some searching I found a post suggesting to go to regedit and modify HKLM\system\currentcontrolset\services\OssecSrv ImagePath – c:\program files (x86)\ossec-agent\ossec-agent.exe. Add quotes around “c:\program files (x86)\ossec-agent\ossec-agent.exe” and restart. After restarting I still had no luck. Then it came to me.

I went into regedit again and realized that before I got to the regedit screen, I was interrupted by User Access Control prompting me to lower my settings or to run regedit as an administrator. Well, if the agent is attempting to start but being interrupted by UAC, then this would surely prevent it from reading the config correctly. So here is what I did.

Go to Start >> Run and type msconfig into the text field. When the MSConfig utility shows up, click on the “Tools” tab. In the list you should see “Change UAC Setting”. Click on it and select the “Launch” button below. This will give you the UAC window where you can lower the bar to never notify. After that is done, go ahead and restart. Once restarted, check your OSSEC agent and it should be running!


Microsoft has released an advisory stating that an inside source has found vulnerabilities for 23 different areas within Microsoft applications.

I thought I would post this to give everyone a heads up out there; this appears to be a significant find. I give kudos to their staff for being diligent in trying to secure their application portfolios. This is not an easy thing to stay on top of and manage to enhance your portfolio in the process. So finally, this being a rare occurrence, thank you Microsoft for getting this right.

Below is the link to the article in which you will find the story. Check it out!

http://www.zdnet.com/blog/security/microsoft-patches-23-windows-flaws-warns-of-risk-of-code-execution-attacks/12001?tag=nl.e589


One issue I seem to run into more and more now that I have a VMWare virtual environment is ghost NICs. Yes, it can be a little scary, but it is easily resolved. So what is a ghost NIC? It is what you get when a NIC card is removed from a VM or physical box before its settings are removed. When another NIC is installed it shows as NIC #2, and Windows will complain that the IP is already in use by another NIC if you are trying to reuse the IP from the old one. Here is the odd part: there is no other NIC, at least not anymore, so how could this be? Well, when a NIC is removed before it is uninstalled, the Windows registry continues to map to a NIC that is no longer present. It holds its settings in the registry so that if the NIC is ever put back in, all your settings will show back up. Each device in Windows has a unique ID that identifies it within Windows, and this is what Windows ties the settings to.

This seems to be more of an issue now because in VMWare all your devices are virtual to the VM, and if anything happens to your VMWare tools or you need to P2V a machine, it is very easy to forget to uninstall your NIC cards before reinstalling or virtualizing your physical box. Of course I always forget to do this. Now if it is a physical box, the easy fix is to just pop in the old NIC and uninstall the drivers and settings by going to Device Manager >> uninstall device; then you are all set. In VMWare, well, you can’t pop in a virtual NIC and uninstall the drivers, because every time you install a new NIC in a VM it is given a new UUID. So I will show you how to take care of it another way.

First go to your command prompt and run this command

Then right-click on My Computer >> click on Properties >> then go to Device Manager.

Once you are in Device Manager, click on the View menu option, then select “Show Hidden Devices”. You should see your ghost NIC in the list of devices in your Device Manager window. At this point right-click the device and select uninstall. Now your NIC settings are freed up and you can assign your static IP along with your other settings without having any issues.

If you have any problems, questions or comments, feel free to leave me a comment or email me.


Today I thought I would talk a bit about subnetting. For all those out there in the IT industry, you know the importance of subnetting. Some may know how to calculate a proper subnet, but for those that are unsure I will explain. Subnets allow PCs on a network to communicate with each other; they allow you to find other PCs on the same network you are connected to, among many other things. For those who are not sure what a subnet is, I will give an example and move forward to explain how to calculate a proper subnet for your network. So what is a subnet? Here is an image of what one looks like on a home network.

So what does this tell us? This says that I can use 254 IP addresses. How do I get this? Well, here it goes.

Each octet of an IP address represents 8 bits. A bit can be a 1 for on or 0 for off. If we turned on all bits in an IP address it would look like 11111111.11111111.11111111.11111111 or 255.255.255.255. So how do I get 255 for each octet from all bits being turned on? Well, the short of it is that each bit represents a particular number. I won’t get into all the gory details of subnetting, but I will give you the highlights and answer any questions from there. The bits in an octet, when turned on, represent 128 64 32 16 8 4 2 1. Notice that each number is double the one after it. If you added these numbers up you would get 255, so for each octet you get a max number of 255. 255 is always reserved for the last subnet and should never be used for an IP.

In this case we can use IPs 192.168.1.1 – 192.168.1.254. With Cisco zero subnet you can now use 192.168.1.0 – 254, but we will not get into that. The last number in the subnet is always reserved for what we call a broadcast address, which in this case is 255.

Let’s say you only wanted 62 IPs. How do we figure out the subnet for that? Well, we add 2 for reserved IPs and we get 64; subtract 64 from 256 and you get 192. This will be your subnet, which will look like 255.255.255.192. So how do we figure the hosts from here? If we turn on the first 2 bits like this, 11000000, for the last octet, we add 128 + 64 because those bits are turned on, right? This gives us 192. It also tells us that, since the first 2 bits are turned on, the number of subnets we can use is 2^2 or 4 subnets. The bits turned off give us the block sizes that are associated with these subnets. Our block sizes are 2^6 because 6 bits are turned off. Most everything here is a multiple of 2, so 2^6 gives us a block size of 64.

For the 255.255.255.192 subnet we can use the following

  • 192.168.1.1 – 62 with 63 reserved for the broadcast. 64 is our next subnet.
  • 192.168.1.65 – 126 with 127 reserved for broadcast. 128 is our next subnet.
  • 192.168.1.129 – 190 with 191 reserved for broadcast. 192 is our next subnet.
  • 192.168.1.193 – 254 with 255 reserved for broadcast ip.
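
The calculation above as a short Python script, added here as an example and not part of the original post. The function names are my own (hypothetical); it uses the standard `ipaddress` module and assumes the subnets are carved out of a single /24 such as 192.168.1.0.

```python
import ipaddress


def mask_for_hosts(hosts_needed):
    """Return (block_size, last_octet_of_mask) for a subnet carved from a /24.

    Same steps as the post: add 2 reserved addresses, round up to the next
    power of two to get the block size, then subtract the block from 256.
    """
    if not 1 <= hosts_needed <= 254:
        raise ValueError("a /24 holds between 1 and 254 hosts")
    block = 4  # smallest block considered: 2 hosts + network + broadcast
    while block < hosts_needed + 2:
        block *= 2
    return block, 256 - block


def subnet_table(base, hosts_needed):
    """Return (mask, rows); each row is (network, first, last, broadcast)."""
    block, mask_octet = mask_for_hosts(hosts_needed)
    host_bits = block.bit_length() - 1  # block of 64 -> 6 bits turned off
    # ip_network raises ValueError if base is not on a /24 boundary
    parent = ipaddress.ip_network(f"{base}/24")
    rows = []
    for net in parent.subnets(new_prefix=32 - host_bits):
        hosts = list(net.hosts())
        rows.append((str(net.network_address), str(hosts[0]),
                     str(hosts[-1]), str(net.broadcast_address)))
    return f"255.255.255.{mask_octet}", rows


def same_subnet(ip_a, ip_b, mask):
    """True when both addresses AND with the mask to the same network."""
    m = int(ipaddress.IPv4Address(mask))
    a = int(ipaddress.IPv4Address(ip_a))
    b = int(ipaddress.IPv4Address(ip_b))
    return (a & m) == (b & m)


if __name__ == "__main__":
    # Constructed sample input: the post's 62-host case on 192.168.1.0
    mask, rows = subnet_table("192.168.1.0", 62)
    print("mask:", mask)
    for network, first, last, broadcast in rows:
        print(f"{network:<15} hosts {first} - {last}  broadcast {broadcast}")
```

`same_subnet` shows why 192.168.1.62 and 192.168.1.65 cannot reach each other directly under this mask even though they are only three addresses apart: they fall in different blocks, which is what makes subnets usable for segmenting a network.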

This is the quick and albeit short explanation of how to calculate a subnet. From here you can calculate either 128 64 32 16 8 4 size subnets fairly easily, or if you feel real brave you can go on to variable length subnet mask, which deals with more granular size subnets for segmenting your networks.

Please feel free to ask questions if you like. I certainly enjoy the feedback as well! Thanks.