On Mon, Sep 28, 2015 at 4:18 AM, Abhishek Kumar <[email protected]> wrote: > Dear Team, > > I am getting OSSEC alert 7 . > > Received From: Myserver->netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort > Rule: 533 fired (level 7) -> "Listened ports status (netstat) changed (new > port opened or closed)." > Portion of the log(s): > > ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort': > tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN > tcp6 0 0 :::22 :::* LISTEN > tcp6 1 0 :::80 :::* LISTEN > Previous output: > ossec: output: 'netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort': > tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN > tcp6 0 0 :::22 :::* LISTEN > tcp6 0 0 :::80 :::* LISTEN > > Is there any security thread and why its happen how to sort out. >
Was the webserver extremely busy recently? I'm not sure what causes the Recv-Q to increment, so I can't provide much advice. > Thanks > Abhishek > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
