HIDS 61028

From Atomicorp Wiki

Revision as of 14:10, 5 May 2014

Rule 61028
Status: Active
Alert Message: Denied an untrusted non system library binary from hooking an application

Description

This rule is triggered when a userland application tries to hook a system library or application, but is not itself a system library or application.

You should investigate this event, as it may be part of a broader attack. Some debugging applications, such as abrtd, are known to do this.

Log examples

May 5 09:24:02 host kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
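
A triage sketch for this message format, added here as an example (it is not Atomicorp or grsecurity code): it pulls the denied helper path out of lines like the one above and separates reviewed debugging helpers from paths that need investigation. The function names, the allow-list and all sample lines except the first are assumptions.

```python
import re

# Pattern built from the single log line shown on this page; other grsec
# message variants are not covered. An optional kernel timestamp is allowed.
GRSEC_HELPER_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+kernel:\s+"
    r"(?:\[\s*[\d.]+\]\s+)?"
    r"grsec: denied exec of usermode helper binary (?P<path>/.+?)"
    r" located outside of /sbin and system library paths\s*$"
)

# Assumption: helpers this site has reviewed and expects to see. Only the abrt
# hook comes from the page; extend the set after your own review.
KNOWN_DEBUG_HELPERS = {"/usr/libexec/abrt-hook-ccpp"}


def triage(line):
    """Return None for unrelated lines, else a dict with a verdict."""
    m = GRSEC_HELPER_RE.match(line)
    if m is None:
        return None
    path = m.group("path")
    # Exact match only: a basename or prefix match would let a look-alike
    # such as /tmp/.x/abrt-hook-ccpp pass as an expected helper.
    verdict = "known-debug-helper" if path in KNOWN_DEBUG_HELPERS else "investigate"
    return {"time": m.group("ts"), "host": m.group("host"), "path": path, "verdict": verdict}


def summarize(lines):
    """Count denials per (host, path, verdict) so repeats stand out."""
    counts = {}
    for line in lines:
        event = triage(line)
        if event:
            key = (event["host"], event["path"], event["verdict"])
            counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample input: the first line is the page's example, the rest are made up.
SAMPLE = [
    "May 5 09:24:02 host kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths",
    "May  5 09:31:40 host kernel: grsec: denied exec of usermode helper binary /tmp/.x/abrt-hook-ccpp located outside of /sbin and system library paths",
    "May  5 09:31:41 host sshd[812]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```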

Troubleshooting

False Positives

Please report this to support if you know this is not an attack.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.