RE: [ossec-list] Re: Prerrequisites Instalation OSSEC

2016-04-27 Thread Adiel Navarro
Sure, I want to know the minimal requisites to install OSSEC in a Linux environment. I want to probe file integrity monitoring function. Thanks, regards.

From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On behalf of Pedro S Sent: Tuesday, April 26

Re: [ossec-list] Auto Ignore Issue in agent.conf

2016-04-27 Thread dan (ddp)
On Wed, Apr 27, 2016 at 11:09 AM, sandeep wrote:
> Thanks Dan for the reply. So just to conclude, auto_ignore option cannot be used in the agent.conf and is only applicable to ossec.conf server/local installations right ?

Correct.

Re: [ossec-list] Auto Ignore Issue in agent.conf

2016-04-27 Thread sandeep
Thanks Dan for the reply. So just to conclude, auto_ignore option cannot be used in the agent.conf and is only applicable to ossec.conf server/local installations right ?

Re: [ossec-list] Auto Ignore Issue in agent.conf

2016-04-27 Thread dan (ddp)
On Wed, Apr 27, 2016 at 10:54 AM, sandeep wrote:
> Hello All,
>
> We used the auto_ignore option in agent.conf file and when the OSSEC service was started on the agents it stopped monitoring the directories saying "syscheck is disabled" in the ossec.log file.

[ossec-list] Auto Ignore Issue in agent.conf

2016-04-27 Thread sandeep
Hello All,

We used the auto_ignore option in agent.conf file and when the OSSEC service was started on the agents it stopped monitoring the directories saying "syscheck is disabled" in the ossec.log file.

2016/04/27 10:40:05 ossec-agent: Starting syscheckd thread.
2016/04/27 10:40:05

Re: [ossec-list] ossec users and group should be in system groups

2016-04-27 Thread dan (ddp)
On Tue, Apr 26, 2016 at 3:12 PM, Dennis Golden wrote:
> Over the past several years, I have submitted diffs for InstallServer.sh and InstallAgent.sh to make the users and group be in the range for system users/groups.
>
> I use openSUSE that has always

[ossec-list] Re: Change alert level for changes to system configuration files and system binaries

2016-04-27 Thread Jesus Linares
Hi Tahir, I didn't test it but it should work: local_rules.xml: syscheck Increasing the Alert Severity for syscheck In case you need to filter by folders you could use *match* or *regex*. Check out the last example in the documentation