On Tue, Aug 30, 2016 at 10:00 AM, Stephen LuShing <[email protected]> wrote:
> I have been getting this notification which I am trying to fix. This is a
> normal occurrence since this is an Oracle database using ASM disks. The
> notification is the same but the file changes. Here is what we received
>
> OSSEC HIDS Notification.
> 2016 Aug 30 08:33:48
>
> Received From: (lxbanrdt2) 147.4.146.155->rootcheck
> Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
> Portion of the log(s):
>
> File '/dev/oracleasm/iid/00000000000019BE' present on /dev. Possible hidden file.
>
> --END OF NOTIFICATION
>
> OSSEC HIDS Notification.
> 2016 Aug 30 08:33:48
>
> I want to have this notification ignored so any ideas on how to do this.
>
Untested:

    <rule id="123456" level="0">
      <if_sid>510</if_sid>
      <match>/dev/oracleasm/iid</match>
      <description>Ignore oracleasm</description>
    </rule>

> Stephen LuShing
> Hofstra University
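
Added example, not part of the original thread and not OSSEC code: a small audit that shows which rootcheck lines a substring match on `/dev/oracleasm/iid` would silence beyond the expected ASM entries, so the suppression can be narrowed before it is deployed. Assumptions: `<match>` is emulated as a plain substring test, ASM iid names are taken to be 16 hex digits as in the one sample above, and all function names and every sample line except the first are constructed for illustration.

```python
import re

# Substring used by <match> in the suggested rule (taken from the thread).
BROAD_MATCH = "/dev/oracleasm/iid"

# Assumption: ASM iid entries are always 16 hex digits, like the single
# sample in the thread ('00000000000019BE').
STRICT_RE = re.compile(
    r"^File '/dev/oracleasm/iid/[0-9A-Fa-f]{16}' present on /dev\."
)


def broad_suppresses(log: str) -> bool:
    """Emulate <match> as a plain substring test (simplifying assumption)."""
    return BROAD_MATCH in log


def strict_suppresses(log: str) -> bool:
    """True only for lines that look like a genuine ASM iid entry."""
    return STRICT_RE.search(log) is not None


def audit(logs):
    """Return lines the broad rule silences but the strict pattern does not."""
    return [l for l in logs if broad_suppresses(l) and not strict_suppresses(l)]


# Constructed sample lines; only the first one appears in the thread.
SAMPLE_LOGS = [
    "File '/dev/oracleasm/iid/00000000000019BE' present on /dev. Possible hidden file.",
    "File '/dev/oracleasm/iid/00000000000019C0' present on /dev. Possible hidden file.",
    "File '/dev/oracleasm/iid/.cache' present on /dev. Possible hidden file.",
    "File '/dev/oracleasm/iid_old/notes' present on /dev. Possible hidden file.",
    "File '/dev/shm/.x' present on /dev. Possible hidden file.",
]

if __name__ == "__main__":
    for line in audit(SAMPLE_LOGS):
        print("silenced by broad match only:", line)
```

Lines reported by `audit` are the ones worth reviewing: they would drop to level 0 under the broad match even though they do not look like ASM iid entries.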
