Bulk Failed Syscall #1721
Comments
Also, the user who installed it is a privileged user, and the audit file access report is also showing that ossec is accessing files with the same username who installed it, as follows
I've never seen these messages. Could you provide more context?
The audit daemon report is printing these results. Failed syscalls. Can you explain to me why I get these failed syscalls?
And also why the privileged user is appearing in these failed syscalls? Please respond
Please respond
Something on your system (selinux?) is potentially blocking unlink syscalls I guess.
But why do I see the same results in my file access report of aureport?
Because something is blocking the syscalls? I really don't know, and I don't think I have enough information to even investigate it.
4 /var/ossec/queue/diff/local/tmp//*****
These files are accessed by the user who installed the ossec agent, without him actually accessing them.
Why do I get these bulk failed syscalls at the ossec agent? The agent is running with the default configuration, with the file integrity module enabled in ossec.conf. Please respond with how to control this bulk amount of failed syscalls.