If this happened then it's game over. Encrypting the files/filesystem will do no good if your system is compromised.
Sorry, I don't buy it. Try again.

--
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH

-----Original Message-----
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of Michel Henrique Aquino Santos
Sent: Thursday, March 22, 2012 15:52
To: ossec-list@googlegroups.com
Subject: Re: [ossec-list] Database and File rules encrypted?

If an attacker managed to enter the machine and gain privileged access, they can read the configuration files if OSSEC is installed as local. Thus, you can use a directory or file not monitored to carry out the attack, or even modify the file rules.

On 22-03-2012 18:16, Nelson, James wrote:

The vast majority of log data is not encrypted to begin with, so how do you figure it's a vulnerability? At most, transmission between agent and master could be considered vulnerable but you can set it up to use secure transmission which would be encrypted.

James

________________________________
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of Michel Henrique Aquino Santos
Sent: Thursday, March 22, 2012 3:54 PM
To: ossec-list@googlegroups.com
Subject: Re: [ossec-list] Database and File rules encrypted?

Thanks for the reply. This is not good because it creates a vulnerability in the system.

Regards.

On 22-03-2012 17:33, dan (ddp) wrote:

Neither are encrypted in OSSEC.

On Thu, Mar 22, 2012 at 4:22 PM, Michel Henrique Aquino Santos <michel....@gmail.com> wrote:

Hello,

I'm doing a paper for a university study (Federal University of Lavras - UFLA - www.ufla.br), comparing four tools for checking integrity of files (Tripwire, OSSEC, AIDE and Samhain). I need some information about the tool OSSEC.

Is the generated database (snapshot) encrypted?
Is the rules file encrypted?

Sorry for my English, I cannot write correctly. I await your response.

Thank you!
--
Regards,
Michel Henrique Aquino Santos
Bachelor of Computer Science
Universidade Federal de Lavras - UFLA
Skype: michel_has
Gtalk: michel.has
michel....@gmail.com
Linux User # 496756
http://resolvidoslinux.blogspot.com/