Try this patch from here:
https://bitbucket.org/dcid/ossec-hids/commits/eb98bdae15cec6ccf04190d0badbd3b0de6f84b7
As it may fix the problem.
thanks,
On Mon, Apr 18, 2016 at 7:16 PM, theresa mic-snare wrote:
> will need to take a proper look at what's causing those
will need to take a proper look at what's causing those segfaults
tomorrow...
On Tuesday, 19 April 2016 00:11:45 UTC+2, theresa mic-snare wrote:
>
> oh no!!
> OSSEC segfaulted
>
> 2016-04-19T00:01:58.311800+02:00 tron kernel: ossec-monitord[20021]: segfault at 1a ip 7f68290ab8b5 sp
oh no!!
OSSEC segfaulted
2016-04-19T00:01:58.311800+02:00 tron kernel: ossec-monitord[20021]: segfault at 1a ip 7f68290ab8b5 sp 7fff84248bc0 error 4 in libc-2.12.so[7f6829008000+18a000]
since this was 1 minute after midnight I suspect reportd causes this
this is what the OSSEC log
This is the first rule I have attempted since inheriting the
system/platform.
> It is worth noting however that the "no_email_alert" is
> redundant in this case, because the rule level is set to zero.
Yea, I was grasping at straws here.
On Monday, April 18, 2016 at 12:05:54 PM UTC-4,
Interesting... that should be the only config that you need to update in
order to disable the root check. I tried it in my lab and disabled it
properly as well.
On Sunday, April 17, 2016 at 4:56:15 AM UTC-4, eyal gershon wrote:
>
> I checked again the logs -
>
> 2016/04/16 18:37:27
Your rule seems to work well. Could you paste here the output of logtest?
On Monday, April 18, 2016 at 6:05:54 PM UTC+2, LostInThe Tubez wrote:
>
> Your rule triggers for me when I test it (on v2.8.3), so the problem is
> likely not with your rule. It is worth noting however that the
>