Thanks. Probably no risk in adding to adm group as purpose of adm group is to be able to parse log files.

On Monday, 13 June 2016 19:25:44 UTC+1, Darin Perusich wrote:
> Instead of using Nagios NRPE, think about using check_mk to extend
> nagios to support all and more of what NRPE does. The check_mk
> logwatch plugin can monitor your log files. Or if you don't want to
> evaluate that just add nagios to the adm grp so it doesn't trigger the
> alarm. In the end it depends on what you're most comfortable with.
>
> https://mathias-kettner.de/check_mk.html
> https://mathias-kettner.de/checkmk_logfiles.html
> --
> Later,
> Darin
>
> On Mon, Jun 13, 2016 at 9:48 AM, Tahir Hafiz <[email protected]> wrote:
> > We have a situation in which nagios, to do its nrpe checks, has to
> > constantly read the /var/log/syslog.
> > Therefore, we constantly have alerts at level 3 such as:
> >
> > Rule: 5502 (level 3) -> 'Login session closed.'
> > Rule: 5501 (level 3) -> 'Login session opened.'
> >
> > which involve sessions opening and closing for user root (as the nagios user
> > sudo's to read the syslog file).
> >
> > We don't want to have to whitelist these types of alerts as we want to have
> > warning if someone escalates their privileges. Therefore, is it acceptable
> > to have nagios user added to the adm group as the adm group can read the
> > syslog file? What are the right ways to solve this?
> >
> > Cheers

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
