Hi Paco, OSSEC does not perform any content diff, just md5, sha1, size, permissions and ownership. In the alert it specifies what changed (size, md5, etc). It would require a full backup of the whole system for the full content diff to work...
Hope it helps. -- Daniel B. Cid dcid ( at ) ossec.net On Jan 29, 2008 9:11 AM, Paco Avila <[EMAIL PROTECTED]> wrote: > > > El mar, 29-01-2008 a las 08:03 -0400, Daniel Cid escribió: > > Hi John, > > > > It is possible. When a file (object) changes, OSSEC states in the > > alert what changed (md5, size, permissions, etc). Also, in the > > integrity checking "queue" (or via the web interface) you can see > > everything that changed for any file. > > > > *you should install it soon, you are missing on the fun :) > > I only see "File", "Agent" and "Modification time". But no file content > diff. > > -- > GIT CONSULTORS > > www.git.es > > Tel: +34 971 498 310 > Fax: +34 971 496 189 > > C/ Francesc Rover, 2B. > 07003 Palma de Mallorca – Illes Balears (España) > > >
