Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
326
Views
0
Helpful
1
Replies

CSA 5.2.245 and Apache

asafanasjeva
Level 1
Level 1

‎05-20-2008 09:57 PM - edited ‎03-10-2019 04:07 AM

Hello!

I have some problems with CSA and Apache on RedHat Linux Enterprise ES 4. During the logrotate process CSA denies all connections to Apache and gives the alert such as

May 19 15:15:06 msks0080 CiscoSecurityAgent[3297]: Event: The process '<Unknown:14054>' (as user root(0) group root(0)) attempted to accept a connection as a server on TCP port 80 from 89.175.184.25. The operation was denied.

The process <Unknown:14054> is the apache's child process. I have network access rule that allows apache's child-processes to act as a server on 80/tcp. Then why CSA markes this apache's process as unknown? How can I solve this issue?

Labels:
0 Helpful
1 Reply 1

tsteger1
Level 8
Level 8

‎05-22-2008 09:35 AM

First of all, I know virtually nothing about UNIX/LINUX.

That being said, is the process running as root and is that normal?

Tom

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card