Hello, the question is for the syscheck activity, but perhaps it could be valid for other cases too.
I would like be be informed if the syscheck daemon on an agent is no longer active (e.g. the node could have been hacked and the daemon killed: this opens other scenarios, like how can I be sure that the checksum db has not been tampered with? but this is another problem) I don't know if the agent sends a report at the chosen time even if there is nothing to signal: in this case it could be sufficient to raise an alert if nothing is received. Regards rc -- Roberto Cecchini -- INFN / GARR-CERT Tel: +39 0554572113 Via Sansone 1, I50019 Sesto Fiorentino PGP key: http://www.cert.garr.it/PGP/
