Re: [ossec-list] agent-auth return code 1

, Marco -- Marco Bonetti Tor research and other stuff: http://sid77.slackware.it/ Slackintosh Linux Project Developer: http://workaround.ch/ Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/ My GnuPG key id: 0x0B60BC5F

[ossec-list] Debugging rootcheck events

permissions to anyone. How do I test my local rules against this event? I tried to feed the reported Portion of the log(s): to ossec-logtest but it doesn't trigger. My current solution is to trigger a rootchek but I'm not liking it very much, any other ideas? Ciao, Marco -- Marco Bonetti Tor

Re: [ossec-list] Rules and decoders

ok, thank you! -- Marco Bonetti Tor research and other stuff: http://sid77.slackware.it/ Slackintosh Linux Project Developer: http://workaround.ch/ Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/ My GnuPG key id: 0x0B60BC5F

[ossec-list] Rules and decoders

like srcuser from the report tool? Thanks in advance, Marco -- Marco Bonetti Tor research and other stuff: http://sid77.slackware.it/ Slackintosh Linux Project Developer: http://workaround.ch/ Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/ My GnuPG key id: 0x0B60BC5F