On Wed, Dec 18, 2013 at 8:38 AM, Dolph Rocks <[email protected]> wrote:
> Find below the complete alert message:
>
> Received From: <ip_address of server>->/var/log/secure
> Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
> Portion of the log(s):
>
> Dec 18 00:14:38 <server_name> sudo: pam_listfile(sudo:auth): Bad option: "debug"
>
> --END OF NOTIFICATION
>
Oh, that's simple. You can write a custom rule so it isn't identified as a 1002 alert anymore. I'd personally use that alert as an indication that there is something to fix (because there is!). Look at <server_name> for what is causing that error, and fix it.

> On Tuesday, 17 December 2013 19:43:25 UTC+5:30, Dolph Rocks wrote:
>>
>> Hi all,
>>
>> Please suggest me the cause and solution for the below alert that I am
>> getting frequently on my OSSEC dashboard:
>>
>> sudo: pam_listfile(sudo:auth): Bad option: "debug"
>>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
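
One way to act on the advice above to find what is causing the error: an added shell example, not part of the thread, that scans a PAM service directory for `pam_listfile.so` arguments the module does not accept. The accepted names (`item`, `sense`, `file`, `onerr`, `apply`, `quiet`) are taken from the pam_listfile(8) man page, and older builds may not know `quiet`; the function names, sample files and paths inside them are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report pam_listfile arguments that the
# module rejects, the condition behind 'Bad option: "debug"' in the alert.
# Assumption: PAM service files sit in one directory, e.g. /etc/pam.d.

# check_pam_listfile DIR -> prints "file:line: argument" per rejected argument.
check_pam_listfile() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            { sub(/#.*/, "") }          # drop comments, fields are re-split
            {
                seen = 0
                for (i = 1; i <= NF; i++) {
                    if (!seen) {        # skip fields up to the module name
                        if ($i ~ /pam_listfile\.so$/) seen = 1
                        continue
                    }
                    key = $i
                    sub(/=.*/, "", key)
                    if ($i ~ /=/) { ok = (key ~ /^(item|sense|file|onerr|apply)$/) }
                    else { ok = (key == "quiet") }
                    if (!ok) printf "%s:%d: %s\n", file, NR, $i
                }
            }' "$f"
    done
}

# Constructed sample: a sudo service file carrying the unsupported "debug"
# flag, and an sshd file where "debug" appears only inside a comment.
write_sample() {
    cat > "$1/sudo" <<'EOF'
#%PAM-1.0
auth  required  pam_listfile.so item=user sense=allow file=/etc/sudo.allow onerr=fail debug
auth  include   system-auth
EOF
    cat > "$1/sshd" <<'EOF'
auth  required  pam_listfile.so item=user sense=deny file=/etc/ssh.deny onerr=succeed  # debug
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && write_sample "$tmp" && check_pam_listfile "$tmp"
    rm -rf "$tmp"
elif [ -n "${1:-}" ]; then
    check_pam_listfile "$1"
fi
```

Run it with `--demo` to see the constructed case, or pass the PAM directory of the host named in the alert.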
