Hi,
If you need to disable the file integrity checking, just remove the
directories entry
from the ossec.conf or set disabled to no inside the syscheck entry.
Doing that, it will stop the integrity checking, but the anomaly
detection will still run. Note that
the anomaly detection is also ran
There's probably a better way to do it, but you can
remove the ossec-syscheckd entries in /var/bin/ossec-control.
An ugly hack, but a smooth one. In 2.1's ossec-control script, there are
2 definitions of DAEMONS and removing ossec-syscheckd from those lists
does exactly what I want.
For