
Silence 100% of use in snap disks

Skeptor authored and vikman90 committed Sep 3, 2018
1 parent f10198e commit 35cd825164c7be31e91a5bd011f0c815b3a539d6
Showing with 7 additions and 0 deletions.
  1. +7 −0 rules/0015-ossec_rules.xml
@@ -183,6 +183,13 @@
<description>List of the last logged in users.</description>
</rule>
<rule id="536" level="0">
<if_sid>531</if_sid>
<regex>'df -P':\s+/dev/loop\d+\s+\d+\s+\d+\s+0\s+100%\s+/snap/\w+/\d+</regex>
<description>Ignore snap disks because are always 100% of capacity</description>
</rule>
<rule id="550" level="7">
<category>ossec</category>
<decoded_as>syscheck_integrity_changed</decoded_as>
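Review bot: The `/snap/\w+/\d+` tail of the new rule 536 regex matches only numeric revisions, so a snap installed from a local file, which snapd mounts under a revision such as `x1`, would still raise the parent alert (531). If those mounts should be silenced as well, the tail could be `/snap/\w+/\w+`. The rest of the pattern is suitably narrow for a level-0 rule (loop device, 0 blocks available, mount point under /snap/), which matters because anything it matches never alerts. The description would read better as `<description>Ignore snap loop mounts: read-only squashfs images are always at 100% capacity.</description>`. A short XML comment above the rule saying it deliberately suppresses 531 would help anyone later auditing which alerts are silenced.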
