Samhain - POLICY NODIRECTORY explained

Posted in Unix, Linux, Security, Tools, Tips on Tuesday, July 10, 2012 by

This was a tricky one. I kept getting alerts for:

-----BEGIN MESSAGE-----
[2012-07-09T23:40:37+1000] server8.somedomain.com
CRIT   :  [2012-07-09T23:40:34+1000] msg=<POLICY NODIRECTORY>, path=</var/log>
-----BEGIN SIGNATURE-----
EA6AB852FD5E03118A95B8507E514F264CCFE3CC35E3330F
000154 1340761939::server8.somedomain.com
-----END MESSAGE-----

And for the life of me wasn’t sure why but after reading the source code the cause is explained:

{ MSG_FI_NODIR, N_("File found where directory was expected"), IDMEF_IMPACT_TYPE_FILE },

And you know what it was correct! /var/log was a softlink to /data/logs!

Download Adobe Flash Player MSI LINK »
« Delete certain messages from Postfix Queue