hey alberto,
thanks for the reply.  

i can confirm that i have removed the folder AFTER doing the uninstall 
process.  the long single line command i have listed in my original post, 
does include the command:

sudo rm -rf /var/ossec;

and after doing that i did confirm that the folder was gone. i have just 
tried again, and the same behavior.  when i look at the ossec.conf, it has 
my email address already contained in it.

okay, after re-looking and thinking about it, this is what i have figured 
out.  i think the installer is modifying the ossec.conf file.  in fact, i 
am positive about it.  it is changing the email address to an email entry 
for root in:

/etc/aliases

it is also changing the domain portion of the from address to whatever a 
rDNS resolves to based on the ip address of the primary interface.  so if 
the ip address resolves to test.com, the email from section will not be:

oss...@test.com

i have now delved into the debian package installation file, and i can 
confirm....  that the installer is making attempts at figuring out the 
email configuration PRIOR to writing the ossec.conf file.  without digging 
into exactly how the installer is figuring these things out, it seems that 
the behavior i am witnessing is correct based on the installer.

thanks again alberto.

best.


