Greetings:
In our /var/ossec/etc/ossec.conf file on the server end, we exclude
those rules which have no application in our environment.
Examples:
<!--
<include>mailscanner_rules.xml</include>
<include>ms-exchange_rules.xml</include>
<include>racoon_rules.xml</include>
<include>vpn_concentrator_rules.xml</include>
-->
<!--
<include>zeus_rules.xml</include>
<include>solaris_bsm_rules.xml</include>
-->
Yet on every single update of OSSEC on the server end, it ends up
putting all of the rules back.
Is there a way to preserve the rules we want excluded and yet still
update the other rules on upgrades?
Thank you.