[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-dev] an idea?

To: ossec-dev@xxxxxxxxxxxxxxxx
Subject: [ossec-dev] an idea?
From: Brad Lhotsky <lhotskyb@xxxxxxxxxxxx>
Date: Tue, 05 Jun 2007 14:12:37 -0400
Content-transfer-encoding: 7bit

It would be neat to correlate the integrity check information to the
system's package management engine.  I'm running on FC6 mostly.  I've
got yum running nightly to apply updates.  When the updates happen, I
get drowned in integrity check messages.

I was thinking rather than listing every file that changed, if those
files that changed were part of a package update, you'd just get a list
of packages that were updated.

Of course, the option to drown in those messages would be cool too :)

I don't have time currently to delve into this idea, but figured I'd
share in case someone with more time than idea was alive and kicking!
If not, maybe in a month or two I'll see if I can hack something out to
do it!


-- 
Brad Lhotsky                            <lhotskyb@xxxxxxxxxxxx>
NCTS Computer Specialist                    Phone: 410.558.8006
"Darkness is a state of mind, I can go where you would stumble."
 -Wolfsheim, 'Blind'

Follow-Ups:
- [ossec-dev] Re: an idea?
  - From: Patrick Roelke

Prev by Date: [ossec-dev] OSSEC Presentations at AusCERT/Confidence
Next by Date: [ossec-dev] Re: an idea?
Previous by thread: [ossec-dev] OSSEC Presentations at AusCERT/Confidence
Next by thread: [ossec-dev] Re: an idea?
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.