Hi everyone, I am using ossec v2.3 on server and I have a exception in module rootchchek:
<rootcheck> .............. <ignore>/tmp/</ignore> </rootcheck> I have restarted de daemon, but I am receiving alerts about changes in directory /tmp. It isn't incorrect this sitaxy in osssec.conf ? Thanks. Albert.
