Issue
We often receive questions about «Process segfaulted» in the incidents tab.
Environment
- Imunify360
Solution
- The OSSEC rule 1010 is intended for monitoring messages about segfaults:
<rule id="1010" level="5">
<match>segfault at </match>
<description>Process segfaulted.</description>
<group>service_availability,</group>
</rule>
We'd recommend investigating the issue with segfaults and fixing it.
- The rule can also be disabled as per Troubleshooting of false-positive WAF hits on legitimate actions but that's not recommended.
Cause
Problems with third-party software.
Comments
0 comments
Article is closed for comments.