Hi All, New OSSEC user here. I just have a few simple questions please.
If there is no "frequency" check set in rootcheck portion of ossec.conf. i.e.: <rootcheck> <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files> <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</ rootkit_trojans> </rootcheck> When will the rootcheck be executed? Is there a default rootcheck time? Thanks in advance! Ram
