On Thu, Dec 19, 2013 at 10:20 AM, Dolph Rocks <[email protected]> wrote:
> Hi,
>
> Thank you for the suggestion.
>
> But can you please elaborate it, what exactly should I look into server?
>

Something on the <server_name> system is using sudo incorrectly. Perhaps
there is more information in the logs? What else runs at the time the sudo
log is generated on <server_name> (look for scripts and cron jobs that
utilize sudo)?

> On Wednesday, 18 December 2013 19:12:17 UTC+5:30, dan (ddpbsd) wrote:
>>
>> On Wed, Dec 18, 2013 at 8:38 AM, Dolph Rocks
>> <[email protected]> wrote:
>> > Find below the complete alert message :
>> >
>> > Received From: <ip_address of server>->/var/log/secure
>> > Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
>> > Portion of the log(s):
>> >
>> > Dec 18 00:14:38 <server_name> sudo: pam_listfile(sudo:auth): Bad option:
>> > "debug"
>> >
>> > --END OF NOTIFICATION
>> >
>>
>> Oh, that's simple. You can write a custom rule so it isn't identified
>> as a 1002 alert anymore.
>> I'd personally use that alert as an indication that there is something
>> to fix (because there is!). Look at <server_name> for what is causing
>> that error, and fix it.
>>
>> > On Tuesday, 17 December 2013 19:43:25 UTC+5:30, Dolph Rocks wrote:
>> >>
>> >> Hi all,
>> >>
>> >> Please suggest me the cause and solution for the below alert that I am
>> >> getting frequently on my OSSEC dashboard:
>> >>
>> >> sudo: pam_listfile(sudo:auth): Bad option: "debug"
>> >>
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an email to [email protected].
>> > For more options, visit https://groups.google.com/groups/opt_out.
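The check suggested in the reply above (find what runs at the time the sudo error is logged) can be scripted. The following is an added example, not part of the original thread or of OSSEC: it correlates `pam_listfile` errors in `/var/log/secure` with cron job starts shortly before them. The log lines, host name, user and script path are constructed, and the RHEL-style `CROND[pid]: (user) CMD (...)` cron log format is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (not from the thread); host1, users and paths are placeholders.
SECURE_LOG = """\
Dec 18 00:14:38 host1 sudo: pam_listfile(sudo:auth): Bad option: "debug"
Dec 18 00:20:02 host1 sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Dec 18 01:14:37 host1 sudo: pam_listfile(sudo:auth): Bad option: "debug"
"""
CRON_LOG = """\
Dec 18 00:10:01 host1 CROND[4100]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Dec 18 00:14:37 host1 CROND[4123]: (backup) CMD (sudo /usr/local/bin/rotate.sh)
Dec 18 01:14:36 host1 CROND[4988]: (backup) CMD (sudo /usr/local/bin/rotate.sh)
"""

SYSLOG_TS = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ")
CRON_CMD = re.compile(r"CROND?\[\d+\]: \((\S+)\) CMD \((.*)\)$")


def ts(line, year=2013):
    """Parse a classic syslog timestamp; it carries no year, so one is supplied."""
    m = SYSLOG_TS.match(line)
    if not m:
        return None
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")


def jobs_near_pam_errors(secure, cron, window=5):
    """For each pam_listfile error, list cron commands started <= window seconds before it."""
    jobs = []
    for line in cron.splitlines():
        m = CRON_CMD.search(line)
        when = ts(line)
        if m and when:
            jobs.append((when, m.group(1), m.group(2)))
    hits = []
    for line in secure.splitlines():
        when = ts(line)
        if when is None or "pam_listfile(" not in line or "Bad option" not in line:
            continue
        near = [(user, cmd) for (started, user, cmd) in jobs
                if timedelta(0) <= when - started <= timedelta(seconds=window)]
        hits.append((when.strftime("%b %d %H:%M:%S"), near))
    return hits


if __name__ == "__main__":
    for stamp, near in jobs_near_pam_errors(SECURE_LOG, CRON_LOG):
        print(stamp, near or "no cron job in window")
```

An error with an empty candidate list points away from cron and toward an interactive or script-driven sudo call, which the other entries in `/var/log/secure` around the same second can help identify.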
