On Fri, Jun 21, 2013 at 12:23 PM, Michael Barrett <[email protected]> wrote: > Do I need to be concerned with these errors? I don't seem to see it on > other machines > > RH Linux ossec ver 2.6 > > > 2013/06/21 10:43:46 ossec-agentd: ERROR: Unable to unmerge file > '/etc/shared/win_audit_rcl.txt'. > 2013/06/21 10:43:46 ossec-agentd: ERROR: Unable to unmerge file > '/etc/shared/win_malware_rcl.txt'. > 2013/06/21 10:43:46 ossec-agentd: ERROR: Unable to unmerge file > '/etc/shared/rootkit_files.txt'. > 2013/06/21 10:43:46 ossec-agentd: ERROR: Unable to unmerge file > '/etc/shared/cis_rhel5_linux_rcl.txt'. > 2013/06/21 10:43:46 ossec-agentd: ERROR: Unable to unmerge file > '/etc/shared/cis_debian_linux_rcl.txt'. > 2013/06/21 10:43:46 ossec-agentd: ERROR: Unable to unmerge file > '/etc/shared/rootkit_trojans.txt'. > 2013/06/21 10:43:46 ossec-agentd: ERROR: Unable to unmerge file > '/etc/shared/win_applications_rcl.txt'. > 2013/06/21 10:43:46 ossec-agentd: ERROR: Unable to unmerge file > '/etc/shared/cis_rhel_linux_rcl.txt'. > 2013/06/21 10:43:46 ossec-agentd: ERROR: Unable to unmerge file > '/etc/shared/system_audit_rcl.txt'. >
They're probably worth investigating. I'd start by checking the permissions/ownership of /var/ossec/etc/shared/merged.mg/and the files listed above. > ____________________________________________ > Michael Barrett | Information Security Analyst - Lead | Mortgage Guaranty > Insurance Corporation > 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6271 | 7 > 1.888.601.4440 | * [email protected] > > This message is intended for use only by the person(s) addressed above and > may contain privileged and confidential information. Disclosure or use of > this message by any other person is strictly prohibited. If this message is > received in error, please notify the sender immediately and delete this > message. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
