Hi, Did this ever get answered? I have the same question about the files, I decided to just reopen this rather than make a new post as I cannot find the answer. I was considering making a cron job to remove them every week, but I want to be sure deleting these files won't impact OSSEC.
On Tuesday, December 16, 2014 at 5:19:47 PM UTC-5, finid wrote: > > Thanks. > > Since they are all empty files, nothing should break if they are all > deleted, right? > > > -- > finid > > > > On 2014-12-16 15:28, Brent Morris wrote: > > I think what you're seeing is what is described in CVE-2014-5284 - > > http://www.ossec.net/?p=1135 > > > > Basically, they were in /tmp, and then a vulnerability was > > disclosed... so those files were moved from /tmp to /var/ossec in > > 2.8.1 > > > > On Tuesday, December 16, 2014 1:19:15 PM UTC-8, finid wrote: > > > >> On 2014-12-16 14:59, [email protected] wrote: > >>> Hi, > >>> > >>> I see a bunch of files in /var/ossec with names of the form > >>> ossec-hosts.*. what are they and how can I stop the system from > >>> creating them? > >>> > >>> Here are a few examples. > >>> > >>> ossec-hosts.1i6uugNQB3 > >>> ossec-hosts.BFHjPh9dwg > >>> ossec-hosts.i4EvjkDXUh > >>> ossec-hosts.U3thtpzm6b > >>> ossec-hosts.1MeJfr9MGt > >>> > >>> > >> > >> So those files appear to be temporary files. Shouldn't they be in > >> /tmp, > >> instead of /var/ossec? > >> > >> -- > >> finid > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, > > send an email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout [1]. > > > > > > Links: > > ------ > > [1] https://groups.google.com/d/optout > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
