Actually this is the problem. I have the following entries in the client`s ossec.conf:
<ignore>/var/www/html/openx</ignore> <ignore>/var/www/html/fotos</ignore> <ignore>/root/SYNCFOLDER</ignore> <ignore>/var/www/content</ignore> <ignore>/var/www/webcontent</ignore> <ignore>/var/www/html</ignore> Yet I still get the following messages: Received From: (XX)->rootcheck Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)." Portion of the log(s): File '/var/www/html/fotos/T01000/T01102_11_1.jpg' is owned by root and has written permissions to anyone. Any ideas? Özgür Özdemircili http://www.acikkod.org Code so clean you could eat off it On Fri, Feb 19, 2010 at 3:36 PM, Daniel Cid <[email protected]> wrote: > Hi Ozgur, > > The <ignore> option is already recursive by default. So using that should > be enough. > > Ex: <ignore>/etc/httpd</ignore> will ignore all /etc/httpd and subfolders. > > Thanks, > > -- > Daniel B. Cid > dcid ( at ) ossec.net > > On Mon, Feb 15, 2010 at 3:58 AM, Ozgur Ozdemircili > <[email protected]> wrote: > > Hi, > > > > Is there any way to ignore folders recursevily? I.e: > > > > I have a folder called data, Inside there are 100+ folders which > > contrains other folders. > > Can I recursively ignore data and all the folders inside? > > > > Thanks. > > > > > > Özgür Özdemircili > > >
