CSA 5.2.245 and Apache

Unanswered Question
May 20th, 2008
User Badges:


I have some problems with CSA and Apache on RedHat Linux Enterprise ES 4. During the logrotate process CSA denies all connections to Apache and gives the alert such as

May 19 15:15:06 msks0080 CiscoSecurityAgent[3297]: Event: The process '<Unknown:14054>' (as user root(0) group root(0)) attempted to accept a connection as a server on TCP port 80 from The operation was denied.

The process <Unknown:14054> is the apache's child process. I have network access rule that allows apache's child-processes to act as a server on 80/tcp. Then why CSA markes this apache's process as unknown? How can I solve this issue?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
tsteger1 Thu, 05/22/2008 - 09:35
User Badges:
  • Red, 2250 points or more

First of all, I know virtually nothing about UNIX/LINUX.

That being said, is the process running as root and is that normal?



This Discussion