Hi, I know there's a new alert when OSSEC starts.
Maybe it would be a good idea to fire an alert if OSSEC stops.
That way we will be able to know if someone stops OSSEC.
Of course it will not stop someone who wants to kill the process, but as a second step we could imagine that the different processes watch each other and, if one is stopped brutally, it sends a signal to the other ones to fire an alert.
Maybe I'm not completely clear in my words (surely because English is not my native language), but I'm concerned about someone trying to stop the processes maliciously.
Maybe a trap for the kill/stop signals can be a good idea.