Exploit Prevention: Added " /tmp/#sql-temptable......" into exclusion
When signature with ID 50009, 50010, 50011, 50012 is being enable (block and report), all "/tmp/#sql-temptable" will be block from being access. Should we exclude those file path for example "/tmp/#sql-temptable*" or just turn off those signature?
User [mysql] ran [/usr/sbin/mariadbd], which accessed [/tmp/#sql-temptable-2e15-42111-5e16.MAI], violating the rule [Linux - Vulnerability in mysql could allow Elevation of Privileges via symlink attacks] with rule ID  and was blocked.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.