Ignore /dev/.blkid.tab system audit noise

Darren Patterson

Jul 17, 2014, 4:34:30 PM
to ossec...@googlegroups.com
On 2.7.1 when running "./syscheck_control -i #" for my servers, recently I started seeing lots of messages:

System Audit: File '/dev/.blkid.tab' present on /dev. Possible hidden file.

Is there a way to suppress/ignore this?

Thanks,
-darren

dan (ddp)

Jul 18, 2014, 7:59:36 AM
to ossec...@googlegroups.com
Is that from an alert?

> Thanks,
> -darren

Darren Patterson

Jul 19, 2014, 10:59:12 AM
to ossec...@googlegroups.com

I'm not looking at the alerts - I'm only looking at the "syscheck -i" output for these systems.  For other noise in this output, I adjusted the shared rules (/var/ossec/etc/shared/*).  I don't see anything in /var/ossec/etc/shared/* that corresponds with this system audit message.

dan (ddp)

Jul 21, 2014, 8:44:53 AM
to ossec...@googlegroups.com
I took a moment to look at the code, and without spending too much
time tracking it down, it looks kinda built in. If this message is
causing you a lot of issues, you could probably adjust the code a bit
to make it non-critical or something.