Hi Liam,
Unfortunately, the Syscheck and Rootcheck features run in the same process
and can't work together (at the same time). In short, the process works by
looping over three steps:

1. Complete Syscheck scan.
2. Rootcheck test.
3. Real-time Syscheck monitoring.

So, every file changed

But also, any way to speed up the PID_CHECK? Seems to take a very long
time to finish, during which realtime monitoring does not work.

On Tuesday, October 18, 2016 at 10:22:11 PM UTC-4, Liam Curtis wrote:
Well think I got it...details here:
https://github.com/ossec/ossec-hids/issues/973
seems like was biting me, also check_pids on rootkit taking
forever to process, so between the two
Hopefully this all helps someone down the road.
On Tuesday, October 18, 2016 at 8:32:27 PM UTC-4, Liam