Difference between revisions of "HIDS 591"

From Atomicorp Wiki

Latest revision as of 15:09, 18 December 2011

Example log message:

ossec: File rotated (inode changed): `/var/log/messages`.

Explanation:

This means that the HIDS detected that a file has been moved and replaced with another file of exactly the same name. This can occur when a log rotation system archives old log files, and it can also occur if an unauthorized change has been made, such as a log file being moved and replaced.

Notes:

These events should be audited to ensure that they occurred via an authorized process or procedure.
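
A minimal sketch of the check behind this message and of the audit step above, added here as an example and not OSSEC's or Atomicorp's code: it records a file's device and inode, reports when the same path later names a different inode, and then looks for the old inode under another name in the same directory, as a renaming log rotator leaves behind. The function names and the renamed-copy heuristic are assumptions for illustration, and the sample files are constructed in a temporary directory.

```python
import os
import tempfile
from pathlib import Path

def file_identity(path):
    """Return (device, inode), the pair that identifies a file on disk."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino)

def check_rotation(path, previous):
    """Return (event, current); event is 'rotated', 'missing' or None."""
    try:
        current = file_identity(path)
    except FileNotFoundError:
        return "missing", None
    return ("rotated" if current != previous else None), current

def find_renamed_copy(path, old_identity):
    """Hypothetical audit helper: sibling name still holding the old inode."""
    directory = os.path.dirname(path) or "."
    for entry in os.scandir(directory):
        if entry.name == os.path.basename(path):
            continue
        try:
            st = entry.stat(follow_symlinks=False)
        except OSError:
            continue  # entry vanished between listing and stat
        if (st.st_dev, st.st_ino) == old_identity:
            return entry.name
    return None

def demo():
    """Constructed sample: one rename-style rotation, one silent replacement."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "messages")
        Path(log).write_text("original entries\n")
        first = file_identity(log)
        os.rename(log, log + ".1")          # rotation keeps the old file
        Path(log).write_text("new entries\n")
        event1, second = check_rotation(log, first)
        archived1 = find_renamed_copy(log, first)
        Path(log + ".new").write_text("substituted entries\n")
        os.replace(log + ".new", log)       # replacement discards the old file
        event2, _ = check_rotation(log, second)
        archived2 = find_renamed_copy(log, second)
        return (event1, archived1), (event2, archived2)

if __name__ == "__main__":
    print(demo())
```

Both cases raise the same inode-changed event; only the first leaves the old file behind as `messages.1`. A missing archived copy is not proof of tampering, since rotators that compress or delete the old file also leave none, so it marks the event for review against the rotation schedule.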