Thanks for the info.

Eric
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of David Williams
Sent: Friday, February 20, 2009 3:08 AM
To: [email protected]
Subject: [ossec-list] Re: Need info ...

Eric,

In my case, I have ossec's file integrity run against the ossec configuration directory. It does not prevent someone with root privileges from changing the file (and conceivably taking the directory out of the file integrity test) but I believe they would also have to restart it to make that take effect, and the restart would be logged.

-David

Eric Franckx wrote:
> Hi,
>
> In fact I want to know:
>
> · The ossec.conf file is located on the server and agent?
>
> · Is there a solution to set all files on the server (conf
> files) and not on the agent site?
>
> · How can you prevent a user on the agent (with enough rights) to
> change the conf on the agent site?
>
> Regards,
>
> Eric
>
> *From:* [email protected] [mailto:[email protected]]
> *On Behalf Of* Partha Panda
> *Sent:* Thursday, February 19, 2009 4:57 PM
> *To:* [email protected]; [email protected]
> *Subject:* [ossec-list] Re: Need info ...
>
> Hi Eric
>
> Yes, you can do this with Ossec. You can override rules in the
> local_rules.xml to define exceptions. You can find more information at
> http://www.ossec.net/wiki/index.php/Know_How:Ignore_Rules.
>
> Hope this helps
>
> Partha
>
> *From:* [email protected] [mailto:[email protected]]
> *On Behalf Of* Eric Franckx
> *Sent:* Thursday, February 19, 2009 4:39 AM
> *To:* [email protected]
> *Subject:* [ossec-list] Need info ...
>
> Hi,
>
> We are looking for a HIDS tool to be implemented in our company.
>
> The features of your product are great but I didn’t find info about:
>
> · How can I update my rule if a modification on a host (agent)
> was done but needed -> apply a patch for example?
>
> · Is there a way from the central place to “add” this change
> into the database file? -> so it will not generate an “alert”
>
> Regards,
>
> Eric Franckx
> /Enterprise IT Architect/
>
> NorthgateArinso
> Bld. de l'Humanité / Humaniteitslaan 116
> 1070 Brussels
> BELGIUM
>
> Phone: +32 2 558 06 70
> Fax: +32 2 558 06 80
> Mobile: +32 477 37 69 74
> E-mail: [email protected] <mailto:[email protected]>
> URL: www.northgatearinso.com <http://www.northgatearinso.com/>

--
GPG (http://www.gnupg.org/) key available from: http://www.kayakero.net/per/david/
