write a local rule in /var/ossec/rules/local_rules.xml
Your rule should look more or less like this
<rule id="11" level="0">
  <if_sid>1002</if_sid>
  <match>AH01797</match>
  <description>Ignore AH01797 messages</description>
</rule>
replace 11 with the next available ID if 11 is
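As an added example (not part of the original post, and not the OSSEC project's own file), here is the same rule placed inside the <group> wrapper that local_rules.xml needs, with an ID taken from the 100000-119999 range OSSEC reserves for local rules. The parent rule 1002 and the AH01797 code come from the message above; the group name and the rule ID are assumptions.

```xml
<!-- Added example: a complete local_rules.xml fragment, not from the original post.
     Rules only load when wrapped in a <group>; "local,syslog," is the group name
     the stock local_rules.xml uses (assumption). -->
<group name="local,syslog,">

  <!-- Match only as a child of 1002 (the generic "bad words" rule named in the
       thread), so the level-0 silence applies to these events alone and not to
       anything else containing the string AH01797. The ID is an assumption:
       pick any unused ID from the 100000-119999 local range. -->
  <rule id="100010" level="0">
    <if_sid>1002</if_sid>
    <match>AH01797</match>
    <description>Ignore Apache AH01797 (client denied by server configuration) messages</description>
  </rule>

</group>
```

To confirm the rule fires before restarting OSSEC, run /var/ossec/bin/ossec-logtest, paste one of the offending log lines, and check that the output reports the new rule ID at level 0 rather than 1002. Keep level-0 rules as narrow as the if_sid/match pair above: a level-0 rule silently discards everything it matches.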
Thanks very much!
On 08/23/2014 06:29 AM, Binet, Valere (NIH/NIA/IRP) [C] wrote:
> write a local rule in /var/ossec/rules/local_rules.xml
> Your rule should look more or less like this
> <rule id="11" level="0">
>   <if_sid>1002</if_sid>
>   <match>AH01797</match>
>   <description>Ignore AH01797
I recently installed ossec on my fresh CentOS 7 machine and now execd
consumes all resources on one core every now and then (at least once a day,
most times sooner). Could this be a problem with firewalld that is included
(and enabled by default) with RHEL 7? I don't see much in the logs but I did
I know this is a no-no, but have you tried with SELinux on permissive or
disabled?
Mitch Ullman
IT Engineer
Avtec, INC
100 Innovation Place
Lexington, SC. 29072
803-358-3225
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
Behalf Of Jeroen Beerstra
Sent: Monday, August
No I haven't, however I don't think it's SELinux:
grep ossec /var/log/audit.log returns nothing and it really takes several
successful active responses (add/delete) before I miss a delete iptables
and 100% resource consuming ossec-execd
On Monday, 25 August 2014 15:50:24 UTC+2, wrote:
On 2014-08-25 8:44, Ullman, Mitch wrote:
I know this is a no-no, but have you tried with SELinux on permissive
or disabled?
OSSEC does not require SELinux to be disabled nor does it require any
changes to policy.
Good to know. I always turn a suspicious eye toward SEL, though.
-Original Message-
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
Behalf Of Michael Starks
Sent: Monday,
A bit OT, but
SELinux in RHEL <= 5: worthy of suspicion (and outright disabling, really)
SELinux in RHEL 6: probably not worthy of suspicion
SELinux in RHEL 7: not worthy of suspicion
Red Hat (and the SELinux base policy team) have done a fantastic job of
getting SELinux out of the way
On 2014-08-25 11:50, Ullman, Mitch wrote:
Good to know. I always turn a suspicious eye toward SEL, though.
Fair enough. I suppose I should mention that using the WebUI would
require a change to SELinux policy since it is trying to access things
outside of the web root.