Code: Select all
From ossecm@defiant.network Fri Jan 25 11:09:14 2013
Return-Path: <ossecm@defiant.network>
Received: from notify.ossec.net (localhost [127.0.0.1])
by defiant.network (8.14.5/8.14.5) with SMTP id r0PG9ERd006521
for <proteus@localhost>; Fri, 25 Jan 2013 11:09:14 -0500
Message-Id: <201301251609.r0PG9ERd006521@defiant.network>
To: <proteus@defiant.network>
From: OSSEC HIDS <ossecm@defiant.network>
Date: Fri, 25 Jan 2013 11:09:14 -0500
Subject: OSSEC Notification - defiant - Alert level 7
OSSEC HIDS Notification.
2013 Jan 25 11:09:03
Received From: defiant->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):
File '/usr/lib/python2.7/site-packages/distribute-0.6.32-py2.7.egg-info/SOURCES.txt' is owned by root and has written permissions to anyone.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2013 Jan 25 11:09:03
Received From: defiant->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):
File '/usr/lib/python2.7/site-packages/distribute-0.6.32-py2.7.egg-info/PKG-INFO' is owned by root and has written permissions to anyone.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2013 Jan 25 11:09:03
Received From: defiant->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):
File '/usr/lib/python2.7/site-packages/distribute-0.6.32-py2.7.egg-info/zip-safe' is owned by root and has written permissions to anyone.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2013 Jan 25 11:09:03
Received From: defiant->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):
File '/usr/lib/python2.7/site-packages/distribute-0.6.32-py2.7.egg-info/top_level.txt' is owned by root and has written permissions to anyone.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2013 Jan 25 11:09:03
Received From: defiant->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):
File '/usr/lib/python2.7/site-packages/distribute-0.6.32-py2.7.egg-info/dependency_links.txt' is owned by root and has written permissions to anyone.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2013 Jan 25 11:09:03
Received From: defiant->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):
File '/usr/lib/python2.7/site-packages/distribute-0.6.32-py2.7.egg-info/entry_points.txt' is owned by root and has written permissions to anyone.
--END OF NOTIFICATION
Edit: From cursory Googling, the correct permissions are 0644 for those files, not 0666.