Hello, I come back about the above error. For now, I'm using 2.7.1 on mac 10.9.2 and got plenty of

    Files hidden inside directory '/var/log/com.apple.launchd'. Link count does not match number of files (167,2).
    Files hidden inside directory '/var/tmp'. Link count does not match number of files (16,5).
    Files hidden inside directory '/var/log/asl/AUX.2014.05.03'. Link count does not match number of files (14,2).
    Files hidden inside directory '/usr/bin'. Link count does not match number of files (1057,2).
    Files hidden inside directory '/var/mail'. Link count does not match number of files (3,2).
    Files hidden inside directory '/usr/include/hfs'. Link count does not match number of files (6,2).
    Files hidden inside directory '/usr/include/rpcsvc'. Link count does not match number of files (34,2).

/var/log|/private/var/log|/usr subdirs seem the worst offenders

    $ ls -1U /var/tmp/| wc -l
    17
    $ ls -ld /var/tmp
    drwxrwxrwt 5 root wheel 646 30 mar 16:30 /var/tmp/

It seems a false positive, I saw some other references online (and on FreeBSD9) but no solution

https://www.mail-archive.com/ossec-list@googlegroups.com/msg04921.html
http://ossec.uservoice.com/forums/18254-general/suggestions/2621080-there-is-a-false-positive-on-freebsd9-rootcheck-r
http://marc.info/?l=ossec-dev&m=121268090827199 (ossec bugzilla dead)

code seems to say darwin is already a bit special (l.292)
https://github.com/ossec/ossec-hids/blob/4d557bc9d24f113980a3d4b00373f9c55f3d74be/src/rootcheck/check_rc_sys.c

Currently, there is no more open bugzilla/trac for ossec, right?
So, what would be the best way to solve that?

Thanks.
Cheers,
Julien