Daniel, That was it. Server and client were upgraded from earlier releases. CIS auditing now working. Thanks for your help.
Aaron On Tue, Oct 28, 2008 at 3:18 PM, Daniel Cid <[EMAIL PROTECTED]> wrote: > > Hi Aaron, > > These are enabled by default if you did a fresh install of 1.6/1.6.1. > If you run the rootcheck_control tool > you will be able to see what has been reported. If you want to receive > email alerts on these, follow > the instructions on that link to create a custom rule. > > If you upgraded from 1.5 or below, you need to add the CIS files to > your rootcheck config. Ex: > > <rootcheck> > <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit> > <system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit> > <system_audit>/var/ossec/etc/shared/cis_rhel_linux_rcl.txt</system_audit> > <system_audit>/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt</system_audit> > </rootcheck> > > Hope it helps. > > -- > Daniel B. Cid > dcid ( at ) ossec.net > > On Sat, Oct 25, 2008 at 10:30 AM, Aaron Bliss <[EMAIL PROTECTED]> > wrote: > > Hi all, > > I'm running version 1.6.1. I'm looking for documentation on how to > enable > > CIS benchmark auditing on the server and clients. I cam across this link > in > > the wiki, but I didn't see any documentation on configuring/enabling the > > auditing policy or rules. Thanks. > > > > Aaron > > > > http://www.ossec.net/wiki/index.php/Know_How:UnixPolicy > > >
