Re: [ossec-list] Disable the ossec-agent for OS updates.

2017-06-02 Thread dan (ddp)
We have a pull request to allow for a whitelist of hashes to be stored in an SQLite database. I think Wazuh already has this feature. (https://github.com/ossec/ossec-hids/pull/1091) You could pre-populate it with the appropriate hashes before an upgrade.

On Fri, Jun 2, 2017 at 3:45 AM,

Re: [ossec-list] Disable the ossec-agent for OS updates.

2017-06-02 Thread andrii . pravdyvyi
It will be great if you implement this. I'll wait with impatience.

On Wednesday, May 31, 2017 at 8:22:24 PM UTC+3, Pedro Sanchez wrote:
> Great! Good to know it's working!
>
> Thanks for coming back to tell us.
>
> I believe we will develop an easier way to do this in the future, something

Re: [ossec-list] Disable the ossec-agent for OS updates.

2017-06-01 Thread 0x2A
Hi,

It might be better to adjust the rule level temporarily, to disable alerting but still generate logs.

On Wed, May 31, 2017 at 7:22 PM, Pedro Sanchez wrote:
> Great! Good to know it's working!
>
> Thanks for coming back to tell us.
>
> I believe we will develop an easier way

Re: [ossec-list] Disable the ossec-agent for OS updates.

2017-05-24 Thread Pedro Sanchez
Hi,

If you want to disable the syscheck component for specific folders, you could push a setting for the syscheck block using the agent.conf centralized configuration. For example, you could ignore something like: */etc/* Reference here

[ossec-list] Disable the ossec-agent for OS updates.

2017-05-23 Thread andrii . pravdyvyi
I am going to update my Linux servers and I tried to disable the ossec-agent for this time. I tried the following workaround:

1. stop agent on a host
2. run /var/ossec/bin/syscheck_control -u AGENT_ID
3. update
4. up agent

But after starting the agent I got lots of triggers "new files in the server"