Eric,
        In my case, I have ossec's file integrity run against the ossec 
configuration directory.  It does not prevent someone with root privileges from 
changing the file (and conceivably taking the directory out of the file 
integrity test) but I believe they would also have to restart it to make that take 
effect, and the restart would be logged.
        -David

Eric Franckx wrote:
> Hi,
> 
> In fact I want to know:
> 
> - The ossec.conf file is located on the server and agent?
> 
> - Is there a solution to set all files on the server (conf
> files) and not on the agent site?
> 
> - How can you prevent a user on the agent (with enough rights) from
> changing the conf on the agent site?
> 
> Regards,
> 
> Eric
> 
> 
> *From:* [email protected] [mailto:[email protected]]
> *On Behalf Of *Partha Panda
> *Sent:* Thursday, February 19, 2009 4:57 PM
> *To:* [email protected]; [email protected]
> *Subject:* [ossec-list] Re: Need info ...
> 
> Hi Eric
> 
> Yes, you can do this with Ossec. You can override rules in the
> local_rules.xml to define exceptions. You can find more information at
> http://www.ossec.net/wiki/index.php/Know_How:Ignore_Rules.
> 
> Hope this helps
> 
> Partha
> 
> *From:* [email protected] [mailto:[email protected]]
> *On Behalf Of *Eric Franckx
> *Sent:* Thursday, February 19, 2009 4:39 AM
> *To:* [email protected]
> *Subject:* [ossec-list] Need info ...
> 
> Hi,
> 
> We are looking for a HIDS tool to be implemented in our company.
> 
> The features of your product are great but I didn’t find info about:
> 
> - How can I update my rule if a modification on a host (agent)
> was done but needed → apply a patch for example?
> 
> - Is there a way from the central place to “add” this change
> into the database file? → so it will not generate an “alert”
> 
> Regards,
> 
> Eric Franckx
> /Enterprise IT Architect/
> 
> NorthgateArinso
> Bld. de l'Humanité / Humaniteitslaan 116
> 1070 Brussels
> BELGIUM
> 
> Phone: +32 2 558 06 70
> Fax: +32 2 558 06 80
> Mobile: +32 477 37 69 74
> E-mail: [email protected]
> <mailto:[email protected]>
> URL: www.northgatearinso.com <http://www.northgatearinso.com/>

-- 
_______________________________________________
GPG (http://www.gnupg.org/) key available from:
http://www.kayakero.net/per/david/