Hello fellow ossec admins,
I got a question regarding the error message below.
We had to change our security policy and implemented rudimentary sudo.
After setting up a group and "disabling" the root account (well actually
the password was disabled), I get A LOT of mails from ossec.
Now I'm wondering, is this because the ossec user tries to get
information from the crontab and can't succeed? Or is this a message
Ossec grabbed from the system?
Is this a problem with ossec, or not?
Received From: adm-emt1->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Jan 13 12:02:01 adm-emt1 /usr/sbin/cron[1028]: Permission denied
--END OF NOTIFICATION
Thanks in advance for your help,
Jens