Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove random_seed spurious OSSEC alert on first install #2597

Merged
1 commit merged into from
Dec 7, 2017
Merged

Remove random_seed spurious OSSEC alert on first install #2597

1 commit merged into from
Dec 7, 2017

Conversation

redshiftzero
Copy link
Contributor

Status

Ready for review

Description of Changes

Fixes #2596.

Changes proposed in this pull request:

  • Remove random_seed spurious alert on first install

Testing

  1. Make new debian packages via make build-debs and provision staging
  2. Visit source interface and submit a test message
  3. Verify that no syscheck OSSEC alerts related to random_seed appear in /var/ossec/logs/alerts/alerts.log on mon

Deployment

Changes will be deployed in the securedrop-ossec-agent debian package.

Checklist

We have no testing for syscheck (see: #2134) so either inspect the diff manually or follow the test plan.

@redshiftzero redshiftzero requested a review from emkll November 22, 2017 00:17
@redshiftzero redshiftzero added this to the 0.5 Stretch milestone Nov 27, 2017
@redshiftzero redshiftzero changed the base branch from develop to release/0.5 November 29, 2017 00:44
@redshiftzero redshiftzero changed the base branch from release/0.5 to develop December 2, 2017 01:08
@redshiftzero redshiftzero modified the milestones: 0.5 Stretch, 0.5.1 Dec 2, 2017
ghost
ghost approved these changes Dec 7, 2017
View reviewed changes
Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The random_seed file will change when GPG is used, this is part of the normal operations and there is nothing the sysadmin can do about it: there is no reason to keep it in syscheck.

It would also be possible to not use this file at all with --no-random-seed-file but this is a different topic.

@ghost ghost merged commit cc26a9b into develop Dec 7, 2017
@msheiny msheiny deleted the syscheck-random-seed branch April 10, 2018 15:06
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@conorsch conorsch Awaiting requested review from conorsch

@msheiny msheiny Awaiting requested review from msheiny

@emkll emkll Awaiting requested review from emkll

Assignees
No one assigned
Labels
goals: reduce IDS noise
Projects
None yet
Milestone
0.5.1
Development

Successfully merging this pull request may close these issues.
1 participant
@redshiftzero