Thanks, thats a good lead, Ill investigate and if I get anywhere Ill post the results
Martin West skype:amartinwest On 7 Nov 2009, at 12:46, dan (ddp) wrote: > > I basically setup an active respose in the server's ossec.conf to fire > on the file integrity rules. > The script would figure out which file probably changed, update its > checkout of the cvs tree, run the diff and email it to me. The hardest > part was figuring out which file changed, since I don't think that > info got passed as an argument to the script (PLEASE show me the error > of my ways if I am wrong). > I got lost in some of the details and lost the time to work on it, so > it never made it to "production." > Hope that helps. I don't have access to the setup right now or I'd > pass an example on. > dan > > On 11/5/09, Martin West <[email protected]> wrote: >> >> K, how do you hook in the script? >> >> Martin West >> skype:amartinwest >> >> On 5 Nov 2009, at 12:54, dan (ddp) wrote: >> >>> >>> I've bee playing a bit with active response to get diffs. I store >>> most >>> config files in a cvs repository (although svn and git would work >>> well >>> also). My script finds the file that changed, copies it to a checked >>> out of the repo and does a diff. >>> I haven't messed with it in a while though due to time constraints. >>> >>> On 11/5/09, Martin West <[email protected]> wrote: >>>> >>>> I looked for a way to selectively get diffs when "Integrity >>>> checksum >>>> changed " fires. >>>> >>>> The only way I can see at the moment is to use the ssh agentless >>>> ssh_generic_diff feature on the box its self. >>>> >>>> Is there another way? >>>> >>>> Thanks Martin West >>>> >>>> >>>> >> >>
