We're running ossec 2.8 and are finding instances where cat and tr are
consuming a lot of CPU. The cat and tr processes have to be killed with the
kill command since restarting ossec doesn't kill them.
How can the runaway cat and tr processes be prevented?
I found the portion of the ossec code that calls the cat and tr functions:

elif [ "x${ACTION}" = "xdelete" ]; then
    lock;
    TMP_FILE=`mktemp /var/ossec/ossec-hosts.XXXXXXXXXX`
    if [ "X${TMP_FILE}" = "X" ]; then
        # Cheap fake tmpfile, but should be harder than no random data
        TMP_FILE="/var/ossec/ossec-hosts.`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -1 `"
    fi
    if [ "X$UNAME" = "XFreeBSD" ]; then
        cat /etc/hosts.allow | grep -v "ALL : ${IP} : deny$"> ${TMP_FILE}
        mv ${TMP_FILE} /etc/hosts.allow
    else
        cat /etc/hosts.deny | grep -v "ALL:${IP}$"> ${TMP_FILE}
        cat ${TMP_FILE} > /etc/hosts.deny
        rm ${TMP_FILE}
    fi
    unlock;
    exit 0;

Thanks in advance for any help you can provide in resolving this issue.
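
A bounded alternative to the fallback in the script quoted above, as an added example that is not part of the original post or of OSSEC's code; the function names random_suffix and make_tmp_file are hypothetical. `cat /dev/urandom` never reaches end of file, so cat and tr in that pipeline stop only once a write into the closed pipe fails, whereas here every read is a fixed 512 bytes and each stage exits at EOF.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not OSSEC code).

# random_suffix N: print N characters from [a-zA-Z0-9], or return 1.
# Each attempt reads exactly one 512-byte block, so dd and tr both see EOF
# and terminate without depending on SIGPIPE from a later pipeline stage.
random_suffix() {
    want=${1:-32}
    out=""
    tries=0
    while [ "${#out}" -lt "$want" ]; do
        tries=$((tries + 1))
        # Give up instead of looping forever if the source yields nothing.
        [ "$tries" -le 20 ] || return 1
        chunk=$(dd if=/dev/urandom bs=512 count=1 2>/dev/null |
                LC_ALL=C tr -dc 'a-zA-Z0-9')
        out="${out}${chunk}"
    done
    printf '%s\n' "$out" | cut -c1-"$want"
}

# make_tmp_file DIR: create an empty temp file in DIR and print its path.
make_tmp_file() {
    dir=$1
    # "|| path=" keeps a failing mktemp from aborting callers that use set -e.
    path=$(mktemp "${dir}/ossec-hosts.XXXXXXXXXX" 2>/dev/null) || path=""
    if [ -z "$path" ]; then
        suffix=$(random_suffix 32) || return 1
        path="${dir}/ossec-hosts.${suffix}"
        # noclobber (set -C) makes the redirect fail if the name already exists.
        ( set -C; : > "$path" ) 2>/dev/null || return 1
    fi
    printf '%s\n' "$path"
}
```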