Does anyone know of a way to disable all use of netstat by ossec agent on a single server?
I have a server that has ossec agent on that netstat is using excessive CPU due to the high connections and large netstat output.
I already tried disabling rootcheck in /var/ossec/etc/ossec.conf
I still see ossec agent running netstat when rootcheck is confirmed disabled.
[root@server ~]# ps aux|grep netstat
root 2771 0.0 0.0 106076 1292 ? S 23:53 0:00 sh -c netstat -tulpen | sort
root 2772 22.7 0.0 105400 1068 ? R 23:53 0:03 netstat -tulpen
root 2807 0.0 0.0 103320 908 pts/1 S+ 23:53 0:00 grep netstat
[root@server ~]#