During a security audit, you discover that a Linux web server has not generated any host-based intrusion-detection (HIDS) alerts for more than 24 hours. A signature update completed successfully this morning, and no configuration changes were made. You run:
sudo systemctl status ossec-hids
and receive the following output:
● ossec-hids.service - SYSV: Starts and stops OSSEC HIDS (Host Intrusion Detection System)
Loaded: loaded (/etc/rc.d/init.d/ossec; generated)
Active: inactive (dead) since Tue 2025-08-25 09:04:17 UTC; 2h 03min ago
Which of the following is the most likely reason the server is no longer producing security alerts?
The HIDS ruleset signatures are outdated and missing current threat definitions.
DNS resolution has failed, so the HIDS cannot reach its management server.
The HIDS service is inactive and not monitoring the system.
A log-forwarding agent is rate-limiting events and suppressing alerts.
The HIDS cannot generate alerts unless its service is actively running. The systemctl output shows the service state as "inactive (dead)", which indicates it is stopped and therefore not monitoring the host. Restarting or enabling the service would restore alert generation. The other options either contradict the facts given (signatures were updated, no DNS or log-forwarding issues were reported) or would not on their own prevent the HIDS from logging events while it is running.