Hi,
In fact I want to know : · The ossec.conf file is located on the server and agent ? · Is there a solution to set all file son the server (conf files) and not on the agent site ? · How can you prevent a user on the agent (with enough right) to change the conf on the agent site ? Regards, Eric From: [email protected] [mailto:[email protected]] On Behalf Of Partha Panda Sent: Thursday, February 19, 2009 4:57 PM To: [email protected]; [email protected] Subject: [ossec-list] Re: Need info ... Hi Eric Yes, you can do this with Ossec. You can override rules ins the local_rules.xml to define exceptions. You can find more information at http://www.ossec.net/wiki/index.php/Know_How:Ignore_Rules. Hope this helps Partha From: [email protected] [mailto:[email protected]] On Behalf Of Eric Franckx Sent: Thursday, February 19, 2009 4:39 AM To: [email protected] Subject: [ossec-list] Need info ... Hi, We are looking for a HIDS tool to be implemented in our company. The features of you product are great but I didn't find info about: · How can I update my rule if a modification on a host (agent) was done but needed à apply a patch for example ? · Is there a way from the central place to "add'" this change into the database file ? à so it will not generate an "alert" Regards, Eric Franckx Enterprise IT Architect NorthgateArinso Bld. de l'Humanité / Humaniteitslaan 116 1070 Brussels BELGIUM Phone: +32 2 558 06 70 Fax: +32 2 558 06 80 Mobile: +32 477 37 69 74 E-mail: [email protected] <mailto:[email protected]> URL: www.northgatearinso.com <http://www.northgatearinso.com/>
