[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: Digital signature for integrity check DB

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: Digital signature for integrity check DB
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Sun, 27 May 2007 16:26:32 -0300
Cc: "Serge Dubrouski" <sergeyfd@xxxxxxxxx>
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=YqieC0S/xqhO4R3BKrxMtBQNS4tEqmpnLu+jS5RLPhJ1lHJdsRSDEKMTRMMwnIcsuAIcjXSPYQRRWI48p/sqtpuNFxTOjS04/3VqSCnMDHzLnpwZqkA+HNBzY0v41KyNUEH5LrsYcQoNmlKU4zRw8Zjg9CCjX+6l71toYnTmoDE=

Hi Serge,

The idea behind ossec's agent/server architecture is that by keeping
the integrity
check databases and main configuration files on the server side, If
any of the agents
are compromised, the central server will not be affected (and all your
logs, configs
and dbs will be intact). That's how we check that the db wasn't modified...

hope it helps.

--
Daniel B. Cid
dcid ( at ) ossec.net

On 5/24/07, Serge Dubrouski <sergeyfd@xxxxxxxxx> wrote:
>
> Hello -
>
> Does OSSEC support a digital signatures for configuration files and
> integrity check databases? How does it make sure that DBs with
> checksums weren't compromised from the last check?
>
> Thanks.
>

References:
- [ossec-list] Digital signature for integrity check DB
  - From: Serge Dubrouski

Prev by Date: [ossec-list] Re: Disable rootcheck / OSSEC inside openvz VPS
Next by Date: [ossec-list] Re: Changing log directory
Previous by thread: [ossec-list] Digital signature for integrity check DB
Next by thread: [ossec-list] email-to based on alarm level
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.