|Alert Message||Denied an untrusted non system library binary from hooking an application|
This rule is triggered when a userland application tries to hook a system library or application, but is not itself a system library or application.
You should investigate this event, as it may be part of a broader attack. Some debugging applications, such as abrtd, are known to do this.
 Log examples
May 5 09:24:02 host kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
 False Positives
Please do not report events for abrt. If the event involves a different application and you know it is not an attack, please report it to support.
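The triage described above can be scripted. The following is an added example, not part of the original rule documentation: it parses the grsec message format shown in the log example, treats the abrt helper path from that log line as the known false positive, and counts every other helper path for investigation. The allowlist contents, the function names, and every sample line other than the abrt one are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Matches the kernel message format shown in the log example on this page.
GRSEC_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+kernel:\s+grsec:\s+"
    r"denied exec of usermode helper binary (?P<path>\S+) "
    r"located outside of /sbin and system library paths"
)

# Assumption: exact paths treated as known false positives. The page names
# only abrt; the path is the one from its log example. Exact matching avoids
# trusting anything that merely shares a directory or name prefix.
KNOWN_HELPERS = {"/usr/libexec/abrt-hook-ccpp"}

_TEMPLATE = ("May 5 {t} host kernel: grsec: denied exec of usermode helper "
             "binary {p} located outside of /sbin and system library paths")

# First line is the page's log example; the rest are constructed samples.
SAMPLE_LOG = [
    _TEMPLATE.format(t="09:24:02", p="/usr/libexec/abrt-hook-ccpp"),
    _TEMPLATE.format(t="09:31:47", p="/opt/example/bin/helper"),   # constructed
    _TEMPLATE.format(t="09:31:52", p="/opt/example/bin/helper"),   # constructed
    "May 5 09:32:10 host sshd[1234]: Accepted publickey for admin",  # constructed, unrelated
]

def triage(line):
    """Return a dict for a matching grsec denial, or None for other lines."""
    m = GRSEC_RE.match(line)
    if m is None:
        return None
    path = m.group("path")
    verdict = "known-helper" if path in KNOWN_HELPERS else "investigate"
    return {"time": m.group("ts"), "host": m.group("host"),
            "path": path, "verdict": verdict}

def to_investigate(lines):
    """Count denied helper paths that are not on the known-helper list."""
    events = (triage(line) for line in lines)
    return Counter(e["path"] for e in events
                   if e is not None and e["verdict"] == "investigate")

if __name__ == "__main__":
    for path, count in to_investigate(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {path}")
```
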
 Additional Information
 Similar Rules
 Knowledge Base Articles