Hi Daniel,
many thanks for the great reply. I have been playing with
ossec and like it very much.
Another question is that if I run a virtual server (using
vserver or openvz) whose root is ie /var/myserver and would
like ossec to protect that virtual server from the real
host, then which steps are needed? Probably I have to tell
ossec which extra log files to check
(/var/myserver/var/log/...) and which files to monitor
integrity (like /var/myserver/{/bin,/etc,/sbin,...}), but
what about rootkit check? Is there some doc about how
rootcheck works? I took a look at the rootkit_files.txt
file, but didn't get a clue.
Best regards,
Thanh
On Fri, Mar 16, 2007 at 11:23:45PM -0400, Daniel Cid wrote:
Hi Thanh,
Currently there is no "official" way to do what you want. You could hack the
ossec2db script (from Meir) for instead of inserting into a db, to generate
the desired e-mail message. In the future, I plan to add support for SMS
specific messages and some additional alerting options, but that will be
in a future version (1.2 and above)..
*Btw, the current ossec-maild works fine with gmail SMTP (I used it all
the time), since you are not required to use TLS for it.
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
On 3/15/07, Thanh Han The <[EMAIL PROTECTED]> wrote:
>
>Hi list,
>
>is it possible to use some other program to send mail alert,
>instead of ossec-maild? For example, if I want to send
>mail alert to a google account, then SMTP authentication via
>TLS is required and I cannot figure out how to do that. Any
>hint please?
>
>Thanks,
>Thanh
>
