That brings up a good idea for future enhancement: the ability to GPG-encrypt email so that information is not clear text. An attacker with access to the internal network could theoretically poison the ARP cache and intercept packets corresponding to any such reporting email at present. The log would remain intact, but the alert could be prevented.
-----Original Message-----
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of David Vasil
Sent: Thursday, September 07, 2006 1:44 PM
To: [email protected]
Subject: [ossec-list] Re: Integrity Checks and Diffs?

Forrest Aldrich wrote:
> Maybe for text-only files, provide an option to include a contextual
> diff output, which shows the changes of the monitored file, with that of
> the known version --- this would require keeping that old version
> archived somewhere, though. Hmm... may be useful in some
> situations, knowing not only that the file was changed, but WHAT was
> changed.

That could come back and bite you in some situations where the file that was changed contained sensitive information (which upon alert would be sent to you through clear-text email).

--
-dave

This electronic mail (including any attachments) may contain information that is privileged, confidential, and/or otherwise protected from disclosure to anyone other than its intended recipient(s). Any dissemination or use of this electronic email or its contents (including any attachments) by persons other than the intended recipient(s) is strictly prohibited. If you have received this message in error, please notify us immediately by reply email so that we may correct our internal records. Please then delete the original message (including any attachments) in its entirety. Thank you.
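The two points in this thread (a contextual diff in the integrity alert, and the risk that such a diff leaks a sensitive file's contents over clear-text mail) can be seen together in the following added Python example. It is not OSSEC code and does not reflect how OSSEC builds its alerts; the file contents are constructed sample input, and the `sensitive` and `mail_encrypted` policy flags are hypothetical stand-ins for "this file may hold secrets" and "the outgoing mail will be GPG-encrypted". Hashes of the archived and current versions always go into the alert; the unified diff body is withheld whenever a sensitive file would otherwise travel in the clear.

```python
import difflib
import hashlib

# Constructed sample input (not from a real host): the archived copy of a
# monitored file and the content found on the next integrity check.
ARCHIVED = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000::/home/alice:/bin/bash\n"
)
CURRENT = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000::/home/alice:/bin/bash\n"
    "mallory:x:0:0::/root:/bin/bash\n"
)

REDACTED = "[diff withheld: sensitive file and clear-text mail transport]"


def sha256_hex(text: str) -> str:
    """Hex SHA-256 of the file content; safe to mail in the clear."""
    return hashlib.sha256(text.encode()).hexdigest()


def contextual_diff(archived: str, current: str, path: str) -> str:
    """Unified diff of the archived version against the current content."""
    return "".join(
        difflib.unified_diff(
            archived.splitlines(keepends=True),
            current.splitlines(keepends=True),
            fromfile=f"{path} (archived)",
            tofile=f"{path} (current)",
        )
    )


def build_alert(path, archived, current, sensitive, mail_encrypted):
    """Return the alert as a dict, or None if nothing changed.

    `sensitive` and `mail_encrypted` are hypothetical policy flags for this
    example, not OSSEC configuration. The diff body is included only when the
    file is not marked sensitive or the mail will be encrypted before it
    leaves the host; the hashes are always included.
    """
    if archived == current:
        return None
    alert = {
        "path": path,
        "old_sha256": sha256_hex(archived),
        "new_sha256": sha256_hex(current),
    }
    if sensitive and not mail_encrypted:
        alert["diff"] = REDACTED
    else:
        alert["diff"] = contextual_diff(archived, current, path)
    return alert


def render_alert(alert: dict) -> str:
    """Plain-text body as it would be handed to the mailer."""
    return (
        f"Integrity checksum changed for '{alert['path']}'\n"
        f"Old sha256: {alert['old_sha256']}\n"
        f"New sha256: {alert['new_sha256']}\n"
        f"\n{alert['diff']}"
    )


if __name__ == "__main__":
    # Clear-text mail for a sensitive file: hashes only, diff withheld.
    print(render_alert(build_alert("/etc/passwd", ARCHIVED, CURRENT, True, False)))
    print("-" * 60)
    # Mail that will be GPG-encrypted (the encryption step itself is outside
    # this example): the diff is included.
    print(render_alert(build_alert("/etc/passwd", ARCHIVED, CURRENT, True, True)))
```

The design choice worth noting is that the decision is made when the alert is built, not at the mailer: the file-change event is still recorded with its hashes either way, so the diff can be looked up locally from the archived copy when someone with access wants it, and the clear-text channel never carries the file body.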
