[Ossec-list] syscheck db / security of ossec / logcollector
- Subject: [Ossec-list] syscheck db / security of ossec / logcollector
- From: pedrodrimel at gmail.com (Pedro Drimel Neto)
- Date: Thu, 6 Apr 2006 15:25:58 -0300
Hi all,
Thanks for the other answers...
I'm using ossec-7p1 on Linux with a server and one agent, and I have some doubts:
1 - Where is the "db" of syscheck with the md5sum, size, etc. of files and dirs?
In AIDE, for example, I can save it on a floppy in read-only mode.
2 - If an attacker is root, he can kill the PID process so the attack will
not be detected... right?
3 - I edited /var/log/apache2/error.log, including a string "Segmentation
Fault", and the active-response was taken from a syslog_rules.xml rule:
Rule: 102 fired (level 7) -> "Possible problem (unknown) somewhere in the system"
Is it right?
Thanks a lot again,
Pedro.
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.