Hi, Thank you for the sugestion. But can you please elaborate it, what exactly should i look into server?
On Wednesday, 18 December 2013 19:12:17 UTC+5:30, dan (ddpbsd) wrote: > On Wed, Dec 18, 2013 at 8:38 AM, Dolph Rocks > <[email protected] <javascript:>> wrote: > > Find below the complete alert message : > > > > Received From: <ip_address of server>->/var/log/secure > > Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." > > Portion of the log(s): > > > > Dec 18 00:14:38 <server_name> sudo: pam_listfile(sudo:auth): Bad option: > > "debug" > > > > > > > > --END OF NOTIFICATION > > > > Oh, that's simple. You can write a custom rule so it isn't identified > as a 1002 alert anymore. > I'd personally use that alert as an indication that there is something > to fix (because there is!). Look at <server_name> for what is causing > that error, and fix it. > > > > > > > > > > > On Tuesday, 17 December 2013 19:43:25 UTC+5:30, Dolph Rocks wrote: > >> > >> Hi all, > >> > >> Please suggest me the cause and solution for the below alert that i am > >> getting frequently on my OSSEC dashboard: > >> > >> sudo: pam_listfile(sudo:auth): Bad option: "debug" > >> > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/groups/opt_out. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
