I'm getting emailed an OSSEC HIDS Notification almost every hour. I have no idea how to fix this - I did run asl -u
OSSEC HIDS Notification.
2013 Dec 08 09:01:18
Received From: odbierz->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Dec 8 09:01:02 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 56852 0 0 1386514862 e pipe failed
--END OF NOTIFICATION
/var/log/messages:
Dec 8 10:45:01 odbierz psmon[61152]: Forking second background daemon, process 61153.
Dec 8 10:47:08 odbierz kernel: ASL_GEO_BLOCK IN=eth0 OUT= MAC=ac:16:2d:79:6b:8c:00:0c:86:e2:34:00:08:00 SRC=122.224.97.19 DST=208.100.27.13 LEN=40 TOS=0x00 PREC=0x00 TTL=103 ID=256 PROTO=TCP SPT=6000 DPT=3306 SEQ=363331584 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 8 10:51:37 odbierz clamd[55245]: SelfCheck: Database status OK.
Dec 8 11:00:01 odbierz psmon[61410]: Forking background daemon, process 61411.
Dec 8 11:00:01 odbierz psmon[61411]: Forking second background daemon, process 61412.
Dec 8 11:01:03 odbierz kernel: PAX: execution attempt in: <anonymous mapping>, 28a16a8b000-28a16a8c000 28a16a8b000
Dec 8 11:01:03 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/anonmap(anonmap):61556, uid/euid: 0/0, PC: 0000028a16a8b000, SP: 000003ed3fdb45f8
Dec 8 11:01:03 odbierz kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dec 8 11:01:03 odbierz kernel: PAX: bytes at SP-8: 000000000000000f 0000000000400bde 0000000000000000 0000000000400b81 0000028a161d7700 0000000000000000 0000000000000000 0000028a162decdd 0000000000000000 000003ed3fdb4708 0000000100000000
Dec 8 11:01:03 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:03 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61556 0 0 1386522063 e pipe failed
Dec 8 11:01:03 odbierz kernel: PAX: execution attempt in: /usr/libexec/paxtest/execbss, 00601000-00602000 00001000
Dec 8 11:01:03 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/execbss(execbss):61564, uid/euid: 0/0, PC: 0000000000601288, SP: 000003f4f0885978
Dec 8 11:01:03 odbierz kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 7f e1 e1
Dec 8 11:01:03 odbierz kernel: PAX: bytes at SP-8: 000003f4f0885a80 0000000000400af0 0000000000000000 0000000000400ab1 000002f629b1d700 0000000000000000 0000000000000000 000002f629b6fcdd 0000000000000000 000003f4f0885a88 0000000100000000
Dec 8 11:01:03 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:03 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61564 0 0 1386522063 e pipe failed
Dec 8 11:01:03 odbierz kernel: PAX: execution attempt in: /usr/libexec/paxtest/execdata, 00601000-00602000 00001000
Dec 8 11:01:03 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/execdata(execdata):61572, uid/euid: 0/0, PC: 0000000000601264, SP: 0000039e9b07d1f8
Dec 8 11:01:03 odbierz kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 80 87 fe e8 10 03 00 00
Dec 8 11:01:03 odbierz kernel: PAX: bytes at SP-8: 0000039e9b07d300 0000000000400af0 0000000000000000 0000000000400ab1 00000310e8bc1700 0000000000000000 0000000000000000 00000310e8c79cdd 0000000000000000 0000039e9b07d308 0000000100000000
Dec 8 11:01:03 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:03 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61572 0 0 1386522063 e pipe failed
Dec 8 11:01:03 odbierz kernel: PAX: execution attempt in: <heap>, 03cfe000-03d20000 03cfe000
Dec 8 11:01:03 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/execheap(execheap):61580, uid/euid: 0/0, PC: 0000000003cfe950, SP: 0000039354fdcb88
Dec 8 11:01:03 odbierz kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dec 8 11:01:03 odbierz kernel: PAX: bytes at SP-8: 0000000000400910 0000000000400bc8 0000000000000000 0000000000400b81 0000025a8e991700 0000000000000000 0000000000000000 0000025a8eaaccdd 0000000000000000 0000039354fdcc98 0000000100000000
Dec 8 11:01:03 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:03 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61580 0 0 1386522063 e pipe failed
Dec 8 11:01:03 odbierz kernel: PAX: execution attempt in: <stack>, 3c943cd1000-3c943cf2000 3fffffde000
Dec 8 11:01:03 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/execstack(execstack):61588, uid/euid: 0/0, PC: 000003c943ceeff0, SP: 000003c943ceefe8
Dec 8 11:01:03 odbierz kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dec 8 11:01:03 odbierz kernel: PAX: bytes at SP-8: 0000000000000000 0000000000400aed 00000000000000c3 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
Dec 8 11:01:03 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:03 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61588 0 0 1386522063 e pipe failed
Dec 8 11:01:03 odbierz kernel: grsec: denied RWX mprotect of <anonymous mapping> by /usr/libexec/paxtest/mprotanon[mprotanon:61596] uid/euid:0/0 gid/egid:0/0, parent /usr/libexec/paxtest/mprotanon[mprotanon:61595] uid/euid:0/0 gid/egid:0/0
Dec 8 11:01:03 odbierz kernel: PAX: execution attempt in: <anonymous mapping>, 2d27a173000-2d27a174000 2d27a173000
Dec 8 11:01:03 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/mprotanon(mprotanon):61596, uid/euid: 0/0, PC: 000002d27a173000, SP: 000003efc8b9b7f8
Dec 8 11:01:03 odbierz kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dec 8 11:01:03 odbierz kernel: PAX: bytes at SP-8: 0000000000400910 0000000000400bf0 0000000000000001 0000000000400b81 000002d279963700 0000000000000000 0000000000000000 000002d2799c6cdd 0000000000000000 000003efc8b9b908 0000000100000000
Dec 8 11:01:03 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:03 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61596 0 0 1386522063 e pipe failed
Dec 8 11:01:03 odbierz kernel: grsec: denied RWX mprotect of /usr/libexec/paxtest/mprotbss by /usr/libexec/paxtest/mprotbss[mprotbss:61604] uid/euid:0/0 gid/egid:0/0, parent /usr/libexec/paxtest/mprotbss[mprotbss:61603] uid/euid:0/0 gid/egid:0/0
Dec 8 11:01:03 odbierz kernel: PAX: execution attempt in: /usr/libexec/paxtest/mprotbss, 00601000-00602000 00001000
Dec 8 11:01:03 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/mprotbss(mprotbss):61604, uid/euid: 0/0, PC: 0000000000601288, SP: 000003fa72e01f78
Dec 8 11:01:03 odbierz kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 7f e1 e1
Dec 8 11:01:03 odbierz kernel: PAX: bytes at SP-8: 0000000000400840 0000000000400b04 0000000000000000 0000000000400ab1 000003370c9ed700 0000000000000000 0000000000000000 000003370ca4dcdd 0000000000000000 000003fa72e02088 0000000100000000
Dec 8 11:01:03 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:03 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61604 0 0 1386522063 e pipe failed
Dec 8 11:01:03 odbierz kernel: grsec: denied RWX mprotect of /usr/libexec/paxtest/mprotdata by /usr/libexec/paxtest/mprotdata[mprotdata:61612] uid/euid:0/0 gid/egid:0/0, parent /usr/libexec/paxtest/mprotdata[mprotdata:61611] uid/euid:0/0 gid/egid:0/0
Dec 8 11:01:03 odbierz kernel: PAX: execution attempt in: /usr/libexec/paxtest/mprotdata, 00601000-00602000 00001000
Dec 8 11:01:03 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/mprotdata(mprotdata):61612, uid/euid: 0/0, PC: 0000000000601264, SP: 000003d6e594f688
Dec 8 11:01:03 odbierz kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 80 f7 20 d5 cd 02 00 00
Dec 8 11:01:03 odbierz kernel: PAX: bytes at SP-8: 0000000000400840 0000000000400b04 0000000000000000 0000000000400ab1 000002cdd4e2b700 0000000000000000 0000000000000000 000002cdd4ea0cdd 0000000000000000 000003d6e594f798 0000000100000000
Dec 8 11:01:03 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:03 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61612 0 0 1386522063 e pipe failed
Dec 8 11:01:03 odbierz kernel: grsec: denied RWX mprotect of <heap> by /usr/libexec/paxtest/mprotheap[mprotheap:61620] uid/euid:0/0 gid/egid:0/0, parent /usr/libexec/paxtest/mprotheap[mprotheap:61619] uid/euid:0/0 gid/egid:0/0
Dec 8 11:01:03 odbierz kernel: PAX: execution attempt in: <heap>, 03368000-0338a000 03368000
Dec 8 11:01:03 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/mprotheap(mprotheap):61620, uid/euid: 0/0, PC: 0000000003368630, SP: 000003f0f187bbf8
Dec 8 11:01:03 odbierz kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dec 8 11:01:03 odbierz kernel: PAX: bytes at SP-8: 0000000000400910 0000000000400bda 0000000000000001 0000000000400b81 000003471f8d6700 0000000000000000 0000000000000000 000003471f931cdd 0000000000000000 000003f0f187bd08 0000000100000000
Dec 8 11:01:03 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:03 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61620 0 0 1386522063 e pipe failed
Dec 8 11:01:03 odbierz kernel: grsec: denied RWX mprotect of /usr/libexec/paxtest/shlibtest2.so by /usr/libexec/paxtest/mprotshbss[mprotshbss:61628] uid/euid:0/0 gid/egid:0/0, parent /usr/libexec/paxtest/mprotshbss[mprotshbss:61627] uid/euid:0/0 gid/egid:0/0
Dec 8 11:01:03 odbierz kernel: PAX: execution attempt in: /usr/libexec/paxtest/shlibtest2.so, 33e34c8b000-33e34c8d000 00000000
Dec 8 11:01:03 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/mprotshbss(mprotshbss):61628, uid/euid: 0/0, PC: 0000033e34c8c840, SP: 000003bbfc929878
Dec 8 11:01:03 odbierz kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dec 8 11:01:03 odbierz kernel: PAX: bytes at SP-8: 0000033e34c8c840 0000000000400cca 0000000000000000 0000000000000001 0000000000000000 0000000000400b20 000003bbfc9299a0 0000000000400ef1 0000033e3548e700 0000000000000000 0000000000000000
Dec 8 11:01:03 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:03 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61628 0 0 1386522063 e pipe failed
Dec 8 11:01:03 odbierz kernel: grsec: more alerts, logging disabled for 10 seconds
Dec 8 11:01:03 odbierz kernel: PAX: execution attempt in: /usr/libexec/paxtest/shlibtest2.so, 2c13c0b3000-2c13c0b5000 00000000
Dec 8 11:01:03 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/mprotshdata(mprotshdata):61636, uid/euid: 0/0, PC: 000002c13c0b3820, SP: 000003888cdffd58
Dec 8 11:01:03 odbierz kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dec 8 11:01:03 odbierz kernel: PAX: bytes at SP-8: 000002c13c0b3820 0000000000400cca 0000000000000000 0000000000000001 0000000000000000 0000000000400b20 000003888cdffe80 0000000000400ef1 000002c13c8b6700 0000000000000000 0000000000000000
Dec 8 11:01:03 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:03 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61636 0 0 1386522063 e pipe failed
Dec 8 11:01:03 odbierz kernel: PAX: execution attempt in: <stack>, 38b73a5c000-38b73a7d000 3fffffde000
Dec 8 11:01:03 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/mprotstack(mprotstack):61644, uid/euid: 0/0, PC: 0000038b73a7c510, SP: 0000038b73a7c508
Dec 8 11:01:03 odbierz kernel: PAX: bytes at PC: c3 c6 a7 73 8b 03 00 00 00 00 00 00 00 00 00 00 01 00 00 00
Dec 8 11:01:03 odbierz kernel: PAX: bytes at SP-8: 0000000000400840 0000000000400afd 0000038b73a7c6c3 0000000000000000 0000000000000001 0000000000400ab1 000002a933847700 0000000000000000 0000000000000000 000002a933885cdd 0000000000000000
Dec 8 11:01:03 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:03 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61644 0 0 1386522063 e pipe failed
Dec 8 11:01:04 odbierz kernel: PAX: execution attempt in: /usr/libexec/paxtest/shlibtest2.so, 32b4c5c0000-32b4c5c2000 00000000
Dec 8 11:01:04 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/shlibbss(shlibbss):61862, uid/euid: 0/0, PC: 0000032b4c5c1840, SP: 0000039206435938
Dec 8 11:01:04 odbierz kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dec 8 11:01:04 odbierz kernel: PAX: bytes at SP-8: 0000032b4cbf44e8 0000000000400e70 0000000000000000 0000000000000001 0000000000000000 0000000000400b30 0000039206435a60 0000000000400da1 0000032b4be1a700 0000000000000000 0000000000000000
Dec 8 11:01:04 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:04 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61862 0 0 1386522064 e pipe failed
Dec 8 11:01:04 odbierz kernel: PAX: execution attempt in: /usr/libexec/paxtest/shlibtest2.so, 372f84b5000-372f84b7000 00000000
Dec 8 11:01:04 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/shlibdata(shlibdata):61870, uid/euid: 0/0, PC: 00000372f84b5820, SP: 000003f1bd1a7d98
Dec 8 11:01:04 odbierz kernel: PAX: bytes at PC: c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dec 8 11:01:04 odbierz kernel: PAX: bytes at SP-8: 00000372f8ae94e8 0000000000400e70 0000000000000000 0000000000000001 0000000000000000 0000000000400b30 000003f1bd1a7ec0 0000000000400da1 00000372f7ca1700 0000000000000000 0000000000000000
Dec 8 11:01:04 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:04 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61870 0 0 1386522064 e pipe failed
Dec 8 11:01:10 odbierz freshclam[62738]: ClamAV update process started at Sun Dec 8 11:01:10 2013
Dec 8 11:01:10 odbierz freshclam[62738]: main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Dec 8 11:01:10 odbierz freshclam[62738]: daily.cld is up to date (version: 18215, sigs: 589021, f-level: 63, builder: neo)
Dec 8 11:01:10 odbierz freshclam[62738]: safebrowsing.cvd is up to date (version: 41296, sigs: 1336872, f-level: 63, builder: google)
Dec 8 11:01:10 odbierz freshclam[62738]: bytecode.cvd is up to date (version: 233, sigs: 44, f-level: 63, builder: dgoddard)
Dec 8 11:01:37 odbierz clamd[55245]: SelfCheck: Database status OK.
OSSEC Notification grsec: denied exec of usermode helper bin
- mikeshinn
- Atomicorp Staff - Site Admin
Re: OSSEC Notification grsec: denied exec of usermode helper
That's coming from Red Hat's abrt daemon, which you probably don't need to have running. If you want to disable it, run these commands as root:
service abrt-ccpp stop
service abrtd stop
service abrt-oops stop
chkconfig --del abrtd
chkconfig --del abrt-ccpp
chkconfig --del abrt-oops
Michael Shinn
Atomicorp - Security For Everyone
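Added example, not part of the original thread or of any Atomicorp tooling: a triage script that pairs each "Core dump to |/usr/libexec/abrt-hook-ccpp ... pipe failed" line with the PAX "terminating task" line carrying the same PID, so you can see which binary's crash produced each alert. The function names are hypothetical, and treating the third argument after abrt-hook-ccpp as the crashing PID is an assumption, consistent with the PIDs in the posted log.

```shell
#!/bin/sh
# Constructed sample: a few entries copied from the /var/log/messages
# excerpt in the question.
sample_log() {
cat <<'EOF'
Dec 8 09:01:02 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 56852 0 0 1386514862 e pipe failed
Dec 8 11:01:03 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/anonmap(anonmap):61556, uid/euid: 0/0, PC: 0000028a16a8b000, SP: 000003ed3fdb45f8
Dec 8 11:01:03 odbierz kernel: grsec: denied exec of usermode helper binary /usr/libexec/abrt-hook-ccpp located outside of /sbin and system library paths
Dec 8 11:01:03 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61556 0 0 1386522063 e pipe failed
Dec 8 11:01:03 odbierz kernel: PAX: terminating task: /usr/libexec/paxtest/execbss(execbss):61564, uid/euid: 0/0, PC: 0000000000601288, SP: 000003f4f0885978
Dec 8 11:01:03 odbierz kernel: Core dump to |/usr/libexec/abrt-hook-ccpp 9 0 61564 0 0 1386522063 e pipe failed
EOF
}

# Print "<pid> <signal> <binary|unknown>" for every failed core-dump pipe.
# Reads the named log files, or stdin when none are given.
attribute_core_dumps() {
  awk '
    /PAX: terminating task: / {
      # Line shape: "... task: /path/to/bin(comm):PID, uid/euid: ..."
      s = $0
      sub(/.*PAX: terminating task: /, "", s)
      path = s; sub(/\(.*/, "", path)
      pid = s;  sub(/^[^)]*\):/, "", pid); sub(/,.*/, "", pid)
      task[pid] = path
      next
    }
    /Core dump to [|].*abrt-hook-ccpp .* pipe failed/ {
      s = $0
      sub(/.*abrt-hook-ccpp /, "", s)
      split(s, a, " ")   # assumed order: a[1]=signal a[2]=limit a[3]=pid
      who = (a[3] in task) ? task[a[3]] : "unknown"
      print a[3], a[1], who
    }
  ' "$@"
}

# Count how many failed pipes trace back to a paxtest binary.
summarize() {
  attribute_core_dumps "$@" | awk '
    $3 ~ /^\/usr\/libexec\/paxtest\// { pax++; next }
    { other++ }
    END { printf "paxtest=%d other=%d\n", pax, other }'
}

sample_log | attribute_core_dumps
sample_log | summarize
```

On a live host, pass the log file instead of the sample: attribute_core_dumps /var/log/messages. An "unknown" entry means no matching PAX line was present in the input for that PID.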