On Thu, Aug 1, 2013 at 10:15 AM, biciunas <[email protected]> wrote: > > > On Thursday, August 1, 2013 9:33:50 AM UTC-4, dan (ddpbsd) wrote: >> >> On Thu, Aug 1, 2013 at 7:52 AM, biciunas <[email protected]> wrote: >> > From /var/log/messages >> > Jul 30 13:11:12 <server name> kernel: ossec-maild[10096]: segfault at >> > 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4 >> > Jul 30 13:11:32 <server name> kernel: ossec-maild[10097]: segfault at >> > 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4 >> > Jul 30 16:00:04 <server name> kernel: ossec-maild[10188]: segfault at >> > 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4 >> > Jul 30 16:00:04 <server name> kernel: ossec-maild[10189]: segfault at >> > 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4 >> > Jul 30 16:00:04 <server name> kernel: ossec-maild[10190]: segfault at >> > 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4 >> > Jul 30 16:00:04 <server name> kernel: ossec-maild[10191]: segfault at >> > 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4 >> > Jul 30 16:00:04 <server name> kernel: ossec-maild[10192]: segfault at >> > 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4 >> > Jul 30 16:00:04 <server name> kernel: ossec-maild[10193]: segfault at >> > 0000000000000000 rip 00002add4f72322c rsp 00007fff577262e0 error 4 >> > >> > Running OSSEC HIDS v2.7 on CentOS 6.4 server. No other messages relating >> > to >> > ossec-maild in any other log. The only change I had made was in >> > ossec.conf, >> > I commented out the default email address in <global > >> >> If you correct that mistake does it work? >> > > I reverted the file so the email_to element is no longer commented out, and > restarted ossec; it's been running for over 3 hours without segfaulting. > I guess my question now is, why would commenting out that line cause a > segfault (assuming that that's the cause)? >
Not sure, but maild doesn't make any sense if you're not sending mail. >> >> > <global> >> > <email_notification>yes</email_notification> >> > <!-- >> > <email_to>[email protected]</email_to> >> > --> >> > <smtp_server>baz-mailer</smtp_server> >> > <email_from>[email protected]</email_from> >> > </global> >> > >> > Other than that, I made no other changes. There are alerts that meet the >> > email thresholds at or about the time of segfaults. >> > >> > Any ideas? >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
