On Fri, 22 Jan 2016, Giorgio Biondi wrote:
I have some linuxbox running with Centos but only box ha this strange
behaviur..
All work fine but if I stop the service load on this linuxbox go to
impossible value.. today have reached 700 (is true.. 700)
After some minutes load goes down to normal value.. 0,40
If I get processlist I see many 'firewall-drop.sh'..
Other bad thing is.. I see many (today about 11000) file in /var/ossec like
this:
-rw------- 1 root ossec 0 22 gen 09:50 ossec-hosts.8zU2h1Ie1K
-rw------- 1 root ossec 0 22 gen 09:51 ossec-hosts.XUtatiQkNR
It's a known problem with the current release running on exposed busy
servers, but it's mitigated in the current master branch. You'll need to
remove the stale ossec-hosts.xxxxxxxxxx files manually. See the following
for more info:
https://github.com/ossec/ossec-hids/issues/609
https://github.com/ossec/ossec-hids/pull/618
https://github.com/ossec/ossec-hids/pull/624
Antonio Querubin
e-mail: t...@lavanauts.org
xmpp: antonioqueru...@gmail.com