Dear Dan,
I wish I could explore this further, but the message is garbled, so there is
nothing I can understand to research further. I got another message, as
below. I don't really get this one: "localhost useradd[20076]: failed adding
user 'mysql', data deleted". Is this another false positive?

OSSEC HIDS Notification.
2014 Feb 14 12:26:49

Received From: localhost->/var/log/messages
Rule: 2932 fired (level 7) -> "New Yum package installed."
Portion of the log(s):

Feb 14 12:26:48 localhost yum[19925]: Installed: kernel-2.6.32-431.5.1.el6.x86_64

--END OF NOTIFICATION

OSSEC HIDS Notification.
2014 Feb 14 12:26:49

Received From: localhost->/var/log/secure
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Feb 14 12:26:48 localhost useradd[20076]: failed adding user 'mysql', data deleted

--END OF NOTIFICATION

OSSEC HIDS Notification.
2014 Feb 14 12:26:51

Received From: localhost->/var/log/messages
Rule: 2933 fired (level 7) -> "Yum package updated."
Portion of the log(s):

Feb 14 12:26:50 localhost yum[19925]: Updated: mysql-server-5.1.73-3.el6_5.x86_64

--END OF NOTIFICATION

Regards,
Frwa.
On Friday, February 14, 2014 12:20:36 PM UTC+8, dan (ddpbsd) wrote:
>
>
> On Feb 13, 2014 11:19 PM, "frwa onto" <[email protected]> wrote:
> >
> > Hi All,
> > I received this. How do I debug this?
> >
> > OSSEC HIDS Notification.
> > 2014 Feb 12 03:50:01
> >
> > Received From: localhost->ossec-keepalive
> > Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
> > Portion of the log(s):
> >
> > --MARK--: ZO.YkF9zgXH6)n0F!tM.n,(F/?U0m4[@0=(!wdd*1'?,Uh^#B9r,odBmc+v3bpI1U8Gz#=Y+yfzAnXg,Ax;,^7jzeE,fb)odVc&^[Im6,MbjdVT*B'%k0==49_9spF9sIUQ&K2QGi?.ZVQLE
> >
>
> It's a false positive, and a thorn in our side. Ignore it. Do a search if
> you need more info.
>
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google
> > Groups "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to [email protected].
> > For more options, visit https://groups.google.com/groups/opt_out.
>