Hi Pedro, of course using active response.. the solution can't be 'not using this feature'..
:-) 2016-02-08 11:36 GMT+01:00 Pedro S <[email protected]>: > Hi, > > Are you using active response? Those file are regarding to OSSEC > active-response, if you are not using it you can disable it editing > ossec.conf file: > > <active-response> > <disabled>yes</disabled> > </active-response> > > Best regards, > > Pedro S. > > On Friday, February 5, 2016 at 9:17:48 AM UTC+1, Giorgio Biondi wrote: >> >> Hi at all >> >> nobody have this behavior ? >> >> Good weekend >> >> Il giorno venerdì 22 gennaio 2016 11:57:46 UTC+1, Giorgio Biondi ha >> scritto: >>> >>> Hi, >>> >>> I have some linuxbox with ossec installed and work fine. >>> One of this have always some (or much more) process in status 'Z' zombie >>> >>> See this: >>> >>> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND >>> root 25003 0.2 0.1 108212 1952 pts/0 S+ 11:53 0:00 watch >>> ps aux | grep Z >>> root 25416 0.0 0.0 0 0 ? Z 11:55 0:00 >>> [host-deny.sh] <defunct> >>> root 25417 0.0 0.0 0 0 ? Z 11:55 0:00 >>> [firewall-drop.s] <defunct> >>> root 25418 0.0 0.0 0 0 ? Z 11:55 0:00 >>> [host-deny.sh] <defunct> >>> root 25419 0.0 0.0 0 0 ? Z 11:55 0:00 >>> [firewall-drop.s] <defunct> >>> root 25482 0.0 0.0 106060 1248 pts/0 S+ 11:55 0:00 sh -c >>> ps aux | grep Z >>> root 25484 0.0 0.0 103256 860 pts/0 S+ 11:55 0:00 grep Z >>> >>> >>> This process regarding ossec system.. apart this ossec system work >>> fine.. or seems fine.. >>> >>> If stop service ossec I have a very huge load but this is a 'known >>> behaviur'. >>> >>> All the best. >>> >>> Giorgio Biondi. >>> >> -- > > --- > You received this message because you are subscribed to a topic in the > Google Groups "ossec-list" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ossec-list/DNaZYCCrapk/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
