I have some problems with CSA and Apache on RedHat Linux Enterprise ES 4. During the logrotate process CSA denies all connections to Apache and gives the alert such as
May 19 15:15:06 msks0080 CiscoSecurityAgent: Event: The process '<Unknown:14054>' (as user root(0) group root(0)) attempted to accept a connection as a server on TCP port 80 from 188.8.131.52. The operation was denied.
The process <Unknown:14054> is the apache's child process. I have network access rule that allows apache's child-processes to act as a server on 80/tcp. Then why CSA markes this apache's process as unknown? How can I solve this issue?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...