I'm hoping to implement a constraint where, if disk space used (on a 
specific tree such as /home) changes by more than a certain percent, then it 
will trigger an alert.  I have a controlled environment (PCI) where delta 
disk space usage changes should be pretty predictable; my goal is to 
hopefully spot malware installation or other tampering by an abnormal 
change in disk space utilization.

I realize that this approach is anything but perfect, however, I am hoping 
it will augment monitoring for areas of the disk where strict checking is 
not feasible.  If there are alternative ways to accomplish this goal I'm 
open to any suggestions.  I looked at agentless monitoring but it appears 
that the requirement is "exact match" or alert.  I understand that I could 
write a script which returned the same output if my criteria were met, but 
that would mean storing history locally, which would itself be subject to 
attack.  I'm also not sure if agent and agentless configuration can be 
combined.
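
An added example, not part of the original post and not OSSEC's own code: a percent-change check on a tree's disk usage in which the baseline is supplied by the caller, on the assumption that it is kept off the monitored host (for instance on the monitoring server) so that no history is stored locally. The function names, the threshold and the sample tree are hypothetical.

```python
import os
import stat
import tempfile


def tree_usage(root):
    """Total apparent size in bytes of regular files under root (symlinks not followed)."""
    total = 0
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            try:
                st = os.lstat(os.path.join(dirpath, name))
            except OSError:
                continue  # file vanished or became unreadable after listing
            if stat.S_ISREG(st.st_mode):
                total += st.st_size
    return total


def percent_change(baseline, current):
    """Signed percent change from baseline; growth from an empty baseline is infinite."""
    if baseline == 0:
        return 0.0 if current == 0 else float("inf")
    return (current - baseline) * 100.0 / baseline


def check_delta(root, baseline_bytes, threshold_pct):
    """Compare current usage with a baseline held elsewhere (assumption: off-host)."""
    current = tree_usage(root)
    change = percent_change(baseline_bytes, current)
    status = "ALERT" if abs(change) > threshold_pct else "OK"
    return status, current, change


if __name__ == "__main__":
    # Constructed sample tree standing in for a monitored directory such as /home.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "data.bin"), "wb") as f:
            f.write(b"\0" * 1000)
        baseline = tree_usage(root)          # would be recorded on the server
        with open(os.path.join(root, "dropped.bin"), "wb") as f:
            f.write(b"\0" * 250)             # unexpected 25% growth
        print(check_delta(root, baseline, threshold_pct=10.0))
```

Both growth and shrinkage count, since the check uses the absolute value of the change.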
