you are correct. i think that not make sense ossec working only with syscheck. thank's
On Fri, Mar 3, 2017 at 3:54 PM, dan (ddp) <ddp...@gmail.com> wrote: > On Fri, Mar 3, 2017 at 7:17 AM, Noilson Caio <caiog...@gmail.com> wrote: > > @dan - is there problems if Mr. @Gardner deactivate "ossec-monitord, > > ossec-logcollector, ossec-analysisd and ossec-execd" in ossec-control > > startup script ? maybe he asking for that. i did try this in the past > but i > > remember that ossec-syscheckd log showed "queue not accessible erro", i > > guess =] > > > > Yes, there will be issues. ossec-analysisd does the analysis, > including checking the syscheck hashes. I've been thinking about > pushing the syscheck hash checking to its own daemon, but haven't done > any actual work on it. It's basically in the "shower thoughts" stage. > > I can't remember off hand whether syscheckd communicates with > logcollector or some other daemon, but that one is probably necessary. > You can find out easily by killing logcollector and seeing if syscheck > complains. > > ossec-monitord does stuff. What stuff? I can't remember off hand, but > basically various tasks required by OSSEC. I'd be wary of disabling > that one. > > execd is safe to remove. > > I think if someone only wants FIM capabilities and an extremely > minimal footprint, OSSEC may not be the package for them. Projects > like Aide are great at what they do without the fluff. > But that kind of decision is very project/requirement specific, so > don't consider this a professional opinion. :-) > > > On Thu, Mar 2, 2017 at 4:44 PM, dan (ddp) <ddp...@gmail.com> wrote: > >> > >> On Thu, Mar 2, 2017 at 2:33 PM, Sam Gardner <lwnex...@gmail.com> wrote: > >> > Hi All - > >> > > >> > I'd like to run only the syscheck subsystem in order to provide FIM. > >> > > >> > I don't see anything in the docs that immediately appears to do what I > >> > want > >> > - is there any way to run syscheckd in "standalone" mode or only > >> > alongside > >> > analysisd? > >> > > >> > >> Remove the localfile configurations. Disable active response. Disable > >> rootcheck (if that's not something you want). > >> > >> > Thanks, > >> > Sam Gardner > >> > > >> > -- > >> > > >> > --- > >> > You received this message because you are subscribed to the Google > >> > Groups > >> > "ossec-list" group. > >> > To unsubscribe from this group and stop receiving emails from it, send > >> > an > >> > email to ossec-list+unsubscr...@googlegroups.com. > >> > For more options, visit https://groups.google.com/d/optout. > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups > >> "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to ossec-list+unsubscr...@googlegroups.com. > >> For more options, visit https://groups.google.com/d/optout. > > > > > > > > > > -- > > Noilson Caio Teixeira de Araújo > > https://ncaio.wordpress.com > > https://br.linkedin.com/in/ncaio > > https://twitter.com/noilsoncaio > > https://jammer4.wordpress.com/ > > http://8bit.academy > > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to ossec-list+unsubscr...@googlegroups.com. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- Noilson Caio Teixeira de Araújo https://ncaio.wordpress.com https://br.linkedin.com/in/ncaio https://twitter.com/noilsoncaio https://jammer4.wordpress.com/ http://8bit.academy -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.