We have a pull request to allow for a whitelist of hashes to be stored
in an sqlite database. I think Wazuh already has this feature.
(https://github.com/ossec/ossec-hids/pull/1091)
You could pre-populate it with the appropriate hashes before an upgrade.
On Fri, Jun 2, 2017 at 3:45 AM,
It will be great if you implement this.
I'll wait with impatience.
On Wednesday, May 31, 2017 at 8:22:24 PM UTC+3, Pedro Sanchez wrote:
>
> Great! Good to know it's working!
>
> Thanks for coming back to tell us.
>
> I believe we will develop an easier way to do this in the future, something
>
Hi,
It might be better to adjust the rule level temporarily, to disable
alerting but still generate logs.
On Wed, May 31, 2017 at 7:22 PM, Pedro Sanchez wrote:
> Great! Good to know it's working!
>
> Thanks for coming back to tell us.
>
> I believe we will develop an easier way
Hi,
If you want to disable the syscheck component for specific folders, you could
push a setting for the syscheck block using agent.conf centralized
configuration.
For example, you could ignore something like:
*/etc/*
Reference here
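
An added example, not part of the original thread, of what a centralized agent.conf syscheck block with ignore entries can look like. The agent name and the ignored paths are assumptions chosen for illustration.

```xml
<!-- Added example with constructed values.
     Centralized configuration file on the manager: /var/ossec/etc/shared/agent.conf -->

<!-- "web01" is a hypothetical agent name; drop the name attribute to apply the block to all agents -->
<agent_config name="web01">
  <syscheck>
    <!-- Directories expected to change during the upgrade (assumed list) -->
    <ignore>/etc</ignore>
    <ignore>/usr/bin</ignore>
    <ignore>/usr/sbin</ignore>

    <!-- Pattern form: skip files left behind by the package manager -->
    <ignore type="sregex">.dpkg-old$|.rpmnew$</ignore>
  </syscheck>
</agent_config>
```

While these entries are in place the listed paths are not checked at all, so remove them from agent.conf once the upgrade is finished.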
I am going to update my Linux servers and I tried to disable the
ossec-agent for this time.
I used the following workaround:
1. stop agent on a host
2. run /var/ossec/bin/syscheck_control -u AGENT_ID
3. update
4. up agent
But after starting the agent I got lots of "new files in the server" triggers