Hi Gagan, I'm not using it but you have two options:
- Add history files to your ossec config and make rules for monitor some "ugly" commands. - Also you could use SeLinux to audit commands, I can't remember what you need but I suppose google is waiting for you :) Greetings Iñaki R. Gags wrote: > Dear All > > Is anyone is using ossec to monitor root activity ( activity done by > root in terms of command executed). Otherwise if anyone can enlighten > with the idea how to achieve the same > > Regards > Gagan Bhatia > > To unsubscribe from this group, send email to > ossec-list+unsubscribegooglegroups.com or reply to this email with the words > "REMOVE ME" as the subject. To unsubscribe from this group, send email to ossec-list+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.
