[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: Integrity Checks and Diffs?

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: Integrity Checks and Diffs?
From: Forrest Aldrich <forrie@xxxxxxxxxx>
Date: Thu, 07 Sep 2006 15:38:53 -0400
Content-transfer-encoding: 7bit


Very true.

In that case, send it over/via OSSEC in an encrypted package?  I dunno...

But the basic principle is useful - knowing "what" was changed, not justthat it was changed.




David Vasil wrote:

Forrest Aldrich wrote:

Maybe for text-only files, provide an option to include a contextual
diff output, which shows the changes of the monitored file, with that of
the known version --- this would require keeping that old version
archived somewhere, though.  Hmm...     may be useful in some
situations, knowing not only that the file was changed, but WHAT was
changed.


That could come back and bite you in some situations where the file that
was changed contained sensitive information (which upon alert would be
sent to you through clear-text email).

Follow-Ups:
- [ossec-list] Re: Integrity Checks and Diffs?
  - From: Marty E. Hillman

References:
- [ossec-list] Integrity Checks and Diffs?
  - From: Forrest Aldrich
- [ossec-list] Re: Integrity Checks and Diffs?
  - From: David Vasil

Prev by Date: [ossec-list] Re: Integrity Checks and Diffs?
Next by Date: [ossec-list] Re: Chatty PIX rules
Previous by thread: [ossec-list] Re: Integrity Checks and Diffs?
Next by thread: [ossec-list] Re: Integrity Checks and Diffs?
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.