Dear community,
each day I get an alert from the rule 40101 :
fired (level 12) - System user successfully logged to the system.
Portion of the log(s):
Mar 11 15:53:38 server su[15522]: + ??? root:nobody
I found the script responsible for this:
/etc/cron.daily/locate
This script is using
If the action is expected, then create a local rule that suppresses
that alert for the hostname and program_name.
On Sun, Mar 11, 2012 at 11:03, Hugo Deprez hugo.dep...@gmail.com wrote:
Dear community,
each day I get an alert from the rule 40101 :
fired (level 12) - System user successfully
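
A local rule of the kind suggested in the reply above could look like this. It is an added example, not part of the original thread, and it has not been tested against this installation. The rule id 100101, the group name and the description are assumptions; the hostname `server`, the program `su` and the `root:nobody` match come from the log line in the alert.

```xml
<!-- Added to the local rules file (local_rules.xml) on the OSSEC server. -->
<group name="local,syslog,">
  <!-- Child of rule 40101: only evaluated after 40101 has matched. -->
  <rule id="100101" level="0">
    <if_sid>40101</if_sid>
    <!-- Limit the suppression to the one host that runs the cron job. -->
    <hostname>server</hostname>
    <!-- Limit it to events logged by su. -->
    <program_name>su</program_name>
    <!-- Limit it to the root -> nobody switch made by the locate script,
         so any other system-user login on this host still fires 40101. -->
    <match>root:nobody</match>
    <description>Expected su from root to nobody by /etc/cron.daily/locate.</description>
  </rule>
</group>
```

Level 0 makes OSSEC ignore the event instead of alerting. Restart OSSEC after editing the rules file so the new rule is loaded.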
http://pastebin.com/gyqK52QQ
The OSSEC server is running on Ubuntu.
*** Making os_dbd ***
make[1]: Entering directory `/home/desarrollo/ossec-hids-2.6/src/os_dbd'
Compiling DB support with:
gcc -g -Wall -I../ -I../headers -DDEFAULTDIR=\/var/ossec\ -DUSE_OPENSSL -DARGV0=\ossec-dbd\