[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Ossec-list] rookit detection

Subject: [Ossec-list] rookit detection
From: daniel.cid at gmail.com (Daniel Cid)
Date: Tue, 14 Feb 2006 11:32:48 -0400

Hi Tim,

Unfortunately this is one of the things that I forgot to add
a configuration option for. The only way to change it
for now is by modifying the entry " SYSCHECK_WAIT" in the file
"ossec-hids-0.6/src/syscheck/syscheck.h".  Actually, the default
is to one hour (3600 seconds) which is wrong too. If you modify
this value you need to recompile the ossec hids...

*Some small bugs were found so far, so I'm going to
release a 0.6-1 version with some small fixes (including this
one).

*if anyone found any other bug let me know so I can add to the
0.6-1 release...

Hope it helps..

Daniel

On 2/13/06, Tim Slighter <tcslighter at gmail.com> wrote:
> References on www.ossec.net quotes:
> "The rootcheck (rootkit detection engine) will
> be executed every X minutes (user specified --by default
> every 2 hours) to detect any possible rootkit installed."
>
>  How can this default every two hours be changed?
>
> Thanks
> _______________________________________________
> ossec-list mailing list
> ossec-list at ossec.net
> http://mailman.underlinux.com.br/mailman/listinfo/ossec-list
>

Follow-Ups:
- [Ossec-list] rookit detection
  - From: Daniel Cid

References:
- [Ossec-list] rookit detection
  - From: Tim Slighter

Prev by Date: [Ossec-list] rookit detection
Next by Date: [Ossec-list] solaris
Previous by thread: [Ossec-list] rookit detection
Next by thread: [Ossec-list] rookit detection
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.