
[ossec-list] ignoring directories for rootkit detection



Hi list.
In my config I have the ignore tag inside the syscheck.
There is no option to use the same tag under rootkit.
The rootkit search engine searches for files owned by root and worldwide writable (I know it is a security risk).
1. I do not see how a file owned by root and o+w is a rootkit alarm. (It may be a hardening issue.)
2. I tried using <scanall>no</scanall> and still got the rootkit engine alarming on files under /usr/local/myfiles/

Did I say that ossec rocks?



OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.