Hi Francesco, you can use syscheck to monitor the "hostname files": /etc/hosts, /etc/hostname, etc.
Also, you can use commands <http://ossec-docs.readthedocs.io/en/latest/syntax/head_ossec_config.localfile.html#element-command>to execute the "hostname" command and compare it with the previous hostname using the option *check_diff*. Check out the documentation: http://ossec-docs.readthedocs.io/en/latest/syntax/head_ossec_config.localfile.html Regards. On Sunday, June 5, 2016 at 7:18:35 PM UTC+2, Francesco Raimondi wrote: > > Greetings, > can ossec monitor hostname modification? I didn't find any rules, nor do I > have an idea on how to create one that does it. > > Any help or hint into the right direction would be greatly appreciated > Frank > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.