to follow up to my own post-- First, the problem was indeed happening during ossec-rootcheck, but I was unable to determine what was failing.
Secondly, the affected servers all were at one time or another, exporting a CIFS or NFS share. Disabling the share didn't prevent ossec-rootcheck from crashing. Reading the docs on 2.9.0, I thought the "skip_nfs" option might be helpful, so I upgraded-- but the problem went away before I enabled skip_nfs. So upgrading seems to have solved the problem, but I don't know why. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
