[ossec-list] queries on configuring ossec
Hi,
I have a few configuration questions. Can someone help?
1. Can I configure syscheckd to report new files? It seems only
file changes are detected.
2. Can I include part of an ignored directory in syscheck? For example,
would the following config detect changes in /var/ossec/bin?
<syscheck>
  <directories check_all="yes">/</directories>
  <ignore>/var</ignore>
  <directories check_all="yes">/var/ossec/bin</directories>
  <directories check_all="yes">/var/ossec/rules</directories>
</syscheck>
3. Why do the rule files in /var/ossec/rules have the execution bit set?
-r-xr-x--- 1 root ossec 4415 Jun 7 10:31 apache_rules.xml
-r-xr-x--- 1 root ossec 2969 Jul 21 03:56 attack_rules.xml
4. I renice syscheckd to priority 19 and keep using the default 2 hrs
run frequency. What would happen if the daemon can't finish scanning
all the files within the period?
Thanks in advance.
Martin