----- "dan (ddp)" <[email protected]> wrote:
| On Tue, Dec 29, 2009 at 4:26 AM, --[ UxBoD ]-- <[email protected]> wrote:
| >
| > Dan,
| >
| > 1. Was reading the book; oops! :)
| > 2. syscheckd is the one which appears to eat a lot of I/O. We could set /etc/security/limits.conf but it would be nice (pardon the pun) if it could be centrally managed via shared/agent.conf with a new parameter.
| >
| > Thanks,
| >
|
| If the tool exists to do this already, use it. ;)
| There are some syscheck options to make it less of a hog, but I don't know what they are offhand.
| They're documented on the site.

Appreciate your response; though as syscheck runs as root it is very hard to set via limits.conf as it would affect all root processes. I thought about adding ossec as a supplementary group to root and using that to reset the priority via limits.conf, but I believe it only looks at the primary group. Do you believe this request would be feasible or should I look at alternative methods? Though it would offer greater flexibility via the shared agent configuration of OSSEC.

Thanks.
