-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Vitorio,
On my Fedora 7 system using vi as root, I can edit the ossec.conf file
then vi warns me that it's read-only when I try to save it, but vi allows me to
override that protection (since I'm running vi as root). I think it would be
perfectly safe to make the file writable, edit it, then remove the write
permission again. One thing you may want to consider, if you are using ossec
for file integrity checking, is to have ossec check it's own files so that
you'll get an alert if the conf (or other files) have changed. I added a line
like this to my ossec.conf:
<directories check_all="yes">/var/ossec/bin,/var/ossec/etc</directories>
-David
Vitorio Okio wrote:
| This is a re-post since it looks like my first post get lost
| somewhere.
|
| I've tried to edit "ossec.conf" file in /var/ossec/etc but was not
| allowed to save changes.
|
| Before editing the file I had stopped OSSEC executing "sudo
| /etc/init.d/ossec stop". Then tried both "gksudo gedit
| /var/ossec/etc/ossec.conf" and "sudo -s" and then as root tried to
| edit the file.
|
| In both cases in Gedit I get Save option disabled with no way to save
| changes. In Vim I was prompted for an attempt to save a read-only
| file and then bash reported an error.
|
| It look obvious to me that OSSEC rightfully protects its files and
| this is the problem. Thus I'm not looking for a work around (like
| removing read-only attrib, etc.) but rather for the right way to do
| things. But so far I've not found anything related to the case in
| OSSEC's documentation and wiki.
|
| Could anybody help, please?
|
|
|
- --
_______________________________________________
GPG (http://www.gnupg.org/) key available from:
http://www.kayakero.net/per/david/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFH1IxwCzuSgviBh00RAkFCAJ4mJ6p5QbLZz8oe6/3goZOEng9wIQCdF+aW
uEJOWNG0UwwNxoCekhiY1OY=
=xbbf
-----END PGP SIGNATURE-----
