Hello to all. I recently upgraded to O-H-0.9-2. Since then, I've been getting the following alerts from my mail server:
OSSEC HIDS Notification. 2006 Sep 27 15:32:22 Received From: (plymouth) 192.168.1.2->/var/log/messages Rule: 40101 fired (level 12) -> "System user sucessfully logged on the system." Portion of the log(s): su(pam_unix)[8027]: session opened for user nobody by (uid=0) --END OF NOTIFICATION I've not yet figured out which service firing via the user nobody, but would like to filter these alerts out. How would I do that? Thanks. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
