Haha hmm. So any idea why it's throwing an error for me? Is a new release
slated to come out soon?

On Mon, Apr 23, 2018 at 4:29 PM dan (ddp) <ddp...@gmail.com> wrote:

> On Mon, Apr 23, 2018 at 6:26 PM, dan (ddp) <ddp...@gmail.com> wrote:
> > On Mon, Apr 23, 2018 at 6:05 PM, Cooper Graf <coopertg...@gmail.com> wrote:
> >> Is there documentation that explains what a glob is? This worked fine with
> >> 2.7.
> >>
> >
> > I don't think so. I just tried it on a 3.x system and didn't get the
> > error. Still waiting on results to see if it checks properly.
> >
> >   <syscheck>
> >     <!-- Frequency that syscheck is executed - default to every 22 hours -->
> >     <frequency>1800</frequency>
> >     <auto_ignore>no</auto_ignore>
> >
> >     <!-- Directories to check  (perform all possible verifications) -->
> >     <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
> >     <directories check_all="yes">/bin,/sbin,/boot</directories>
> >     <directories check_all="yes">/var/test</directories>
> >     <directories check_all="yes">/var/test2</directories>
> >     <directories check_all="yes">/home/*/.ssh</directories>
> >
> > ix# grep home /var/ossec/logs/ossec.log
> > 2018/04/23 18:20:17 ossec-syscheckd: INFO: Monitoring directory: '/home/ansible/.ssh', with options perm | size | owner | group | md5sum | sha256sum.
> > 2018/04/23 18:20:17 ossec-syscheckd: INFO: Monitoring directory: '/home/ddp/.ssh', with options perm | size | owner | group | md5sum | sha256sum.
> > 2018/04/23 18:20:17 ossec-syscheckd: INFO: Monitoring directory: '/home/ddpbsd/.ssh', with options perm | size | owner | group | md5sum | sha256sum.
> >
>
> Hit send too early, the files were successfully checked and catalogued
> on this system.
>
> >
> > And on a slightly older agent:
> >   <syscheck>
> >     <!-- Frequency that syscheck is executed - default to every 22 hours -->
> >     <frequency>79200</frequency>
> >
> >     <!-- Directories to check  (perform all possible verifications) -->
> >     <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
> >     <directories check_all="yes">/bin,/sbin,/boot</directories>
> >     <directories check_all="yes">/home/*/.ssh</directories>
> >
> > root@kaitain:~# grep 'home' /var/ossec/logs/ossec.log
> > 2018/04/23 18:25:15 ossec-syscheckd: INFO: Monitoring directory: '/home/ansible/.ssh', with options perm | size | owner | group | md5sum | sha1sum.
> > 2018/04/23 18:25:15 ossec-syscheckd: INFO: Monitoring directory: '/home/checker/.ssh', with options perm | size | owner | group | md5sum | sha1sum.
> >
> >
> >> On Mon, Apr 23, 2018 at 12:53 PM dan (ddp) <ddp...@gmail.com> wrote:
> >>>
> >>>
> >>>
> >>> On Mon, Apr 16, 2018 at 2:08 PM, Cooper <coopertg...@gmail.com> wrote:
> >>>>
> >>>> I am getting the following error from syscheckd when starting up OSSEC
> >>>> 2.9.3:
> >>>>
> >>>> 2018/04/16 13:01:14 ossec-analysisd: INFO: Reading rules file: 'sshd_rules.xml'
> >>>> 2018/04/16 13:01:14 ossec-syscheckd(1121): ERROR: Glob error. Invalid pattern: '/home/*/.ssh'.
> >>>> 2018/04/16 13:04:35 ossec-analysisd: INFO: Reading rules file: 'sshd_rules.xml'
> >>>> 2018/04/16 13:04:35 ossec-syscheckd(1121): ERROR: Glob error. Invalid pattern: '/home/*/.ssh/'.
> >>>>
> >>>> Inside of my ossec.conf file, I have this line, which seems to be
> >>>> generating the error:
> >>>>
> >>>> <directories check_all="yes">/home/*/.ssh/</directories>
> >>>>
> >>>> Any idea what is invalid about that pattern?
> >>>>
> >>>> --
> >>>
> >>>
> >>> I don't think globs are valid in the syscheck configuration.
> >>>
> >>>
> >>>>
> >>>>
> >>>> ---
> >>>> You received this message because you are subscribed to the Google Groups
> >>>> "ossec-list" group.
> >>>> To unsubscribe from this group and stop receiving emails from it, send an
> >>>> email to ossec-list+unsubscr...@googlegroups.com.
> >>>> For more options, visit https://groups.google.com/d/optout.


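A pre-flight check for the glob entries discussed in this thread, added here as an example and not part of the thread or of OSSEC: it reads the <directories> entries from a syscheck configuration, expands any wildcard, and lists entries that resolve to no existing directory, so gaps in file-integrity coverage show up before syscheckd is relied on. The sample configuration is constructed, the function names and the fs_root parameter are hypothetical, and Python's glob module is an assumed stand-in for syscheckd's own pattern expansion, which may differ between OSSEC versions.

```python
import glob
import os
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the <syscheck> blocks quoted in the thread.
SAMPLE_CONF = """
<ossec_config>
  <syscheck>
    <frequency>79200</frequency>
    <directories check_all="yes">/etc,/usr/bin</directories>
    <directories check_all="yes">/home/*/.ssh</directories>
  </syscheck>
</ossec_config>
"""

def syscheck_entries(conf_text):
    """Yield each comma-separated path from every <directories> element."""
    # ossec.conf may hold several top-level blocks, so wrap them in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    for node in root.iter("directories"):
        for entry in (node.text or "").split(","):
            if entry.strip():
                yield entry.strip()

def expand(conf_text, fs_root="/"):
    """Map each configured entry to the existing directories it resolves to.

    fs_root (hypothetical parameter) lets the check run against a mounted
    image or a test tree instead of the live filesystem.
    """
    resolved = {}
    for entry in syscheck_entries(conf_text):
        target = os.path.join(fs_root, entry.lstrip("/"))
        # Assumption: Python's glob stands in for syscheckd's own expansion.
        has_wildcard = any(c in entry for c in "*?[")
        candidates = glob.glob(target) if has_wildcard else [target]
        hits = sorted(p for p in candidates if os.path.isdir(p))
        resolved[entry] = [
            os.path.normpath("/" + os.path.relpath(p, fs_root)) for p in hits
        ]
    return resolved

def unmatched(conf_text, fs_root="/"):
    """Entries that resolve to nothing, i.e. paths that would go unmonitored."""
    return [e for e, hits in expand(conf_text, fs_root).items() if not hits]

if __name__ == "__main__":
    for entry, hits in expand(SAMPLE_CONF).items():
        print(entry, "->", ", ".join(hits) or "NO MATCH")
```

Comparing this output with the "Monitoring directory" lines in /var/ossec/logs/ossec.log after a restart shows whether the agent picked up the same set of directories.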