subject:"\[ossec\-list\] Re\: monitor hostname changes"

[ossec-list] Re: monitor hostname changes

2016-06-06 Thread Francesco Raimondi

Guys, firt of all thank you both for taking the time to answer my question, you're awesome! I should have been clearer though... 99% of my agents are windows-based, so I think Victor's solution would be more appropiate. My bad, I forgot to specify the OS version :) Again, thank you very

[ossec-list] Re: monitor hostname changes

2016-06-06 Thread Victor Fernandez

Hi Francesco. A good way to achieve this is to monitor the command "hostname", adding the following lines to ossec.conf: command hostname 3600 Then, create a rule like this one, as child of rule 530 (about OSSEC command monitoring), with the option , in order to be alerted only when

[ossec-list] Re: monitor hostname changes

2016-06-06 Thread Jesus Linares

Hi Francesco, you can use syscheck to monitor the "hostname files": /etc/hosts, /etc/hostname, etc. Also, you can use commands to execute the "hostname" command and compare it with the

[ossec-list] Re: monitor hostname changes

[ossec-list] Re: monitor hostname changes

[ossec-list] Re: monitor hostname changes

3 matches

Site Navigation

Mail list logo

Footer information