On Tue, Dec 29, 2009 at 2:08 PM, --[ UxBoD ]-- <[email protected]> wrote: > > Appreciate your response; though as syscheck runs as root it is very hard to > set via limits.conf as it would effect all root processes. I thought about > adding ossec as a supplementary group to root and using that to reset the > priority via limits.conf but I believe it only looks at the primary group. > Do you believe this request would be feasible or should I look at alternative > methods; though it would offer greater flexibility via the shared agent > configuration of OSSEC. > > Thanks. >
I don't know how easy it would be to add it into the ossec code, but I imagine it wouldn't be too difficult to hack it into the ossec-control script. You could add a NICE=0 near the top (keep it at the current level by default). Then in the stop) section, renice the appropriate pids if NICE != 0. Not quite as elegant as adding the functionality into ossec itself, but quick and easy.
