
[Ossec-list] rootkit detection



Just a follow-up. I uploaded version 0.6-1 to the web site,
which contains this fix.

http://www.ossec.net/hids/files/ossec-hids-0.6-1.tar.gz

The options to set the frequency on syscheck and on rootcheck are:

<syscheck>
  ..
  <frequency>time in seconds</frequency>
</syscheck>

<rootcheck>
  <frequency>time in seconds</frequency>
</rootcheck>

The default values are 10 hours for rootcheck and 2 hours for
syscheck... Let me know of any problems.

Thanks,

--
Daniel B. Cid


On 2/14/06, Daniel Cid <daniel.cid at gmail.com> wrote:
> Hi Tim,
>
> Unfortunately this is one of the things that I forgot to add
> a configuration option for. The only way to change it
> for now is by modifying the entry "SYSCHECK_WAIT" in the file
> "ossec-hids-0.6/src/syscheck/syscheck.h".  Actually, the default
> is one hour (3600 seconds), which is wrong too. If you modify
> this value you need to recompile the ossec hids...
>
> *Some small bugs were found so far, so I'm going to
> release a 0.6-1 version with some small fixes (including this
> one).
>
> *If anyone found any other bug, let me know so I can add it to the
> 0.6-1 release...
>
> Hope it helps..
>
> Daniel
>
> On 2/13/06, Tim Slighter <tcslighter at gmail.com> wrote:
> > References on www.ossec.net quotes:
> > "The rootcheck (rootkit detection engine) will
> > be executed every X minutes (user specified --by default
> > every 2 hours) to detect any possible rootkit installed."
> >
> > How can this default of every two hours be changed?
> >
> > Thanks


OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.