Bulk Failed Syscall #1721
Comments
|
Also the user who installed is privileged user, also the audit file access report is also showing that ossec is accessing files with same username who installed as follows |
|
I've never seen these messages. Could you provide more context? |
|
The audit daemon report is printing these results. Failed syscalls. Can you explain me why I get these failed syscalls? |
|
And also why the privileged user is appearing in these failed syscalls? Please respond |
|
Please respond |
|
Something on your system (selinux?) is potentially blocking unlink syscalls I guess. |
|
but why do I see the same results in my file access report of aureport |
|
Because something is blocking the syscalls? I really don't know, and I don't think I have enough information to even investigate it. |
|
4 /var/ossec/queue/diff/local/tmp//***** |
|
These files are access by the user who installed ossec agent, without him actually accessing it. |
|
|
Why do I get these bulk failed syscall at ossec agent? The agent is running at default configuration with file integrity module enabled in ossec.conf, please respond how to control this bulk amount of failed syscalls
The text was updated successfully, but these errors were encountered: