-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Forrest Aldrich wrote: > > I'm newly installing OSSEC on some production systems. > > Trying to understand when OSSEC creates signatures of the system > binaries and where this is stored (agent and server). > > Or is this something I must configure it to do, apart from the stock > configuration (out-of-the-box), which I plan on tweaking later. > > > Thanks. > > I assume you're talking about hashing of files and where the hashes are stored. This is accomplished by the syscheck daemon. Check the /var/ossec/queue/syscheck directory. This should have files for the server and each agent. The hashes are stored there, but I don't know why you would want to be able to access them outside of OSSEC.
- -- gentux echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge' gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239 D840 4CF0 39E2 18D3 4A9E -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE/kZWTPA54hjTSp4RAnqDAJ4jD5yeBmXPqvmxSqwKyUPpFFWPywCfSSyn +A0XYkMOq/Bp9BsvkizpwZ4= =GFq9 -----END PGP SIGNATURE-----
