Greetings to all,

I am new to this list, and if any of my questions seem silly please bear with me...

I have just updated ossec to version 1.6.1. As in the previous version, I get this message in the log file:

*ossec-rootcheck: System audit file not configured.* ... ossec-rootcheck: INFO: Started (pid: 15191).

Can anyone help me understand what the "System audit file not configured" message means and how to fix it?

Also, can anyone please explain the current architecture of rootcheck? For example, there seems to be a new binary, "rootcheck_control", in this version. What is its function? Also, there is an (independent?) rootcheck-1.5.tar.gz binary that you can compile and run. Is this included in the ossec.tar archive, or does someone have to download it independently and (somehow) combine it with the ossec installation?

I thank you all very much for your help.

Best Regards,
John
