On Fri, 19-08-2011 at 17:58 -0300, mordoc zero wrote:
From dae...@example.com Fri Jul 22 01:52:18 2011
Envelope-to: root@localhost
Delivery-date: Fri, 22 Jul 2011 01:52:18 -0300
From: dae...@example.com
To: root@localhost
Date: Fri, 22 Jul 2011 01:52:08 -0300
Subject: [Samhain at 127.0.1.1] 22-07-2011 01:51:48: CRIT
-BEGIN MESSAGE-
[2011-07-22T01:51:48-0300] 127.0.1.1
CRIT : [2011-07-22T01:51:48-0300] msg=POLICY MISSING,
path=/etc/passwd.backup
CRIT : [2011-07-22T01:51:48-0300] interface=lstat, msg=No such
file or directory, userid=0, path=/etc/
passwd.backup
CRIT : [2011-07-22T01:51:48-0300] msg=POLICY MISSING,
path=/etc/lvm/.cache
CRIT : [2011-07-22T01:51:48-0300] interface=lstat, msg=No such
file or directory, userid=0, path=/etc/lvm/.cache
CRIT : [2011-07-22T01:51:48-0300] msg=POLICY MISSING,
path=/etc/ioctl.save
CRIT : [2011-07-22T01:51:48-0300] interface=lstat, msg=No such
file or directory, userid=0, path=/etc/:
CRIT : [2011-07-22T01:51:48-0300] interface=lstat, msg=No such
file or directory, userid=0, path=/etc/
passwd.backup
CRIT : [2011-07-22T01:51:48-0300] msg=POLICY MISSING,
path=/etc/lvm/.cache
CRIT : [2011-07-22T01:51:48-0300] interface=lstat, msg=No such
file or directory, userid=0, path=/etc/lvm/.cache
CRIT : [2011-07-22T01:51:48-0300] msg=POLICY MISSING,
path=/etc/ioctl.save
CRIT : [2011-07-22T01:51:48-0300] interface=lstat, msg=No such
file or directory, userid=0, path=/etc/ioctl.save
CRIT : [2011-07-22T01:51:48-0300] msg=POLICY MISSING,
path=/etc/asound.conf
CRIT : [2011-07-22T01:51:48-0300] interface=lstat, msg=No such
file or directory, userid=0, path=/etc/asound.conf
ALERT : [2011-07-22T01:51:17-0300] msg=LOGKEY, program=Samhain,
hash=2054BAB5BC68F25DDB98FE2905EF319647A4D47D376778F1
-BEGIN LOGKEY-
2054BAB5BC68F25DDB98FE2905EF319647A4D47D376778F1[2011-07-22T01:51:17-0300]
ALERT : [2011-07-22T01:51:15-0300] msg=START, program=Samhain,
userid=0, path=/etc/samhain/samhainrc,
hash=D2A96989673435CF2BC499D37DBD76EF3E743E6D1F9E4F0B
-BEGIN SIGNATURE-
3AAEEA7C03499615FA361862CB88B2DF6CD3FEA127D7E97D
:T : [2011-07-22T01:51:48-0300] interface=lstat, msg=No such
file or directory, userid=0, path=/etc/ioctl.save
CRIT : [2011-07-22T01:51:48-0300] msg=POLICY MISSING,
path=/etc/asound.conf
CRIT : [2011-07-22T01:51:48-0300] interface=lstat, msg=No such
file or directory, userid=0, path=/etc/asound.conf
ALERT : [2011-07-22T01:51:17-0300] msg=LOGKEY, program=Samhain,
hash=2054BAB5BC68F25DDB98FE2905EF319647A4D47D376778F1
-BEGIN LOGKEY-
2054BAB5BC68F25DDB98FE2905EF319647A4D47D376778F1[2011-07-22T01:51:17-0300]
ALERT : [2011-07-22T01:51:15-0300] msg=START, program=Samhain,
userid=0, path=/etc/samhain/samhainrc,
hash=D2A96989673435CF2BC499D37DBD76EF3E743E6D1F9E4F0B
-BEGIN SIGNATURE-
3AAEEA7C03499615FA361862CB88B2DF6CD3FEA127D7E97D
00 1311310328::127.0.1.1
-END MESSAGE-
I DON'T UNDERSTAND ANY OF THIS, CAN SOMEONE GUIDE ME?
Guide you...? About what...?
At a rough guess, I can see that samhain (a system that monitors file
integrity, log analysis...) is complaining that there are several files
it cannot find. What have you installed...? How have you
configured it...?
Regards
JulHer
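
Added example (not part of the original messages and not Samhain's own code): one way to turn a mailed report like the one quoted above into a short list of the paths flagged POLICY MISSING, noting which of them are confirmed by an lstat "No such file or directory" record. The names parse_records and triage, the sample text and the rule for rejoining wrapped lines are assumptions made for this illustration.

```python
import re

# Constructed sample modelled on the quoted report; the mail client wrapped
# long lines, once in the middle of a path.
SAMPLE = """\
CRIT   :  [2011-07-22T01:51:48-0300] msg=POLICY MISSING,
path=/etc/passwd.backup
CRIT   :  [2011-07-22T01:51:48-0300] interface=lstat, msg=No such
file or directory, userid=0, path=/etc/
passwd.backup
CRIT   :  [2011-07-22T01:51:48-0300] msg=POLICY MISSING,
path=/etc/lvm/.cache
ALERT  :  [2011-07-22T01:51:15-0300] msg=START, program=Samhain,
userid=0, path=/etc/samhain/samhainrc
"""

RECORD_START = re.compile(r"^([A-Z]+)\s*:\s*\[([^\]]+)\]\s*(.*)$")
FIELD = re.compile(r"(\w+)=(.*?)(?=,\s*\w+=|,?\s*$)")


def parse_records(report):
    """Rejoin wrapped lines and return one dict of fields per log record."""
    records, current = [], None
    for line in report.splitlines():
        line = line.strip()
        start = RECORD_START.match(line)
        if start:
            current = {"severity": start.group(1), "time": start.group(2),
                       "_body": start.group(3)}
            records.append(current)
        elif not line or line.startswith("-"):
            current = None  # markers such as -BEGIN LOGKEY- end the record
        elif current is not None:
            # Assumed heuristic: a body ending in "/" was cut inside a path.
            glue = "" if current["_body"].endswith("/") else " "
            current["_body"] += glue + line
    for rec in records:
        rec.update(FIELD.findall(rec.pop("_body")))
    return records


def triage(report):
    """Map each POLICY MISSING path to whether an lstat error confirms it."""
    records = parse_records(report)
    enoent = {r.get("path") for r in records if r.get("interface") == "lstat"
              and r.get("msg") == "No such file or directory"}
    return {r["path"]: r["path"] in enoent for r in records
            if r.get("msg") == "POLICY MISSING" and "path" in r}
```

Calling triage(SAMPLE) gives one entry per flagged path; each can then be checked against what is actually on disk and against the file lists in /etc/samhain/samhainrc.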