On Sun, Feb 4, 2018 at 11:33 PM, <gon...@seagroup.com> wrote: > > Hi all , > > i came cross this issue: > Files hidden inside directory > '/var/lib/docker/overlay2/xxxxxxxxxxxxx/merged/root/go/src'. Link count does > not match number of files (4,1). > in many servers. However, when i checked ossec configuration file in those > servers, there are no /var/lib/docker/overlay2 directory wrote in > configuration file. > > > > > > what i guess, since one of those server cluster, i need to monitory fire > integrity of this server under /var/lib/docker/overlay2/xxxxxxxxxxxxx. > However the file name is to complicated, so what i did is i generated number > to link to those complicated directory. I am not really sure , is this a > problem cause my above alert come out in other servers. (PS: those servers > connect to same ossec manager server.) > >
This is a rootcheck alert, not syscheck. I know rootcheck has some issues with these overlay filesystems, but I haven't really gotten a chance to look into it to see what can be done. > > thank you for helping guys. urgent now > > > > best regards, > > kaiwen > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.