Forums

Resolved
0 votes
Got an email from one of my customers server:

"
Security audit report:

The following errors occured:
The Security Audit could not obtain new hashes for the database, this could be caused by one or more executables failing to run properly. If the problem persists, please reinstall the Security Audit package.
One or more Security Audit programs failed to execute properly. If the problem persists, please contact support.
One or more Security Audit programs failed to execute properly. If the problem persists, please contact support.
The Security Audit could not shutdown the support framework on your host properly.This may result in directories starting with 'pcn_sec_' in your host's /tmp directory. These are no longer necessary and may be removed."

Suggestions? All services are running as normal, as far as i can see... :-)
Thursday, September 25 2014, 08:46 AM
Share this post:
Responses (1)
  • Accepted Answer

    Friday, September 26 2014, 05:29 AM - #Permalink
    Resolved
    0 votes
    And tonight I got a huge email that says stuff like:

    File: /lib64/libnspr4.so
    Size : 240560 , 244656
    Mtime : 2013-12-13 16:32:48 , 2014-07-26 18:36:25
    Ctime : 2014-05-12 14:32:02 , 2014-08-28 03:10:00
    Inode : 655436 , 656788
    MD5 : Li2b402qf0U6hVectaobJA== , CSp1FQ+v9jCiT5kBBcneqQ==
    SHA1 : NJcT5X9DWvuSqaF5JuWnhsYSdSA= , RQslyEMZi+geQrqqy4lBltsSYeo=
    SELinux : system_u:object_r:lib_t:s0 , <NULL>

    and alot of these:


    changed: /usr/bin/pinky

    And alot of these:


    Aide result:
    File /usr/bin/fmt in databases has different attributes, 300203bbd,200203bbd


    The server is crypted.

    Any ideas?
    The reply is currently minimized Show
Your Reply