I installed an rpm which creates a binary in /usr/sbin. As per the below
rules, which I mentioned in ossec.conf for the server and clients, it is
not generating mails. I even tried to touch a file inside /usr/sbin, but I am
not getting alerts :(
Snippet from ossec.conf
<directories realtime="yes" check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories realtime="yes" check_all="yes">/bin,/sbin</directories>
<alert_new_files>yes</alert_new_files>
I ran the below command too, but it is not showing any newly created file.
./syscheck_control -i 017
Changes for 2010 Aug 05:
2010 Aug 05 17:22:41,0 - /var/ossec/etc/ossec.conf
2010 Aug 05 17:26:49,0 - /etc/shadow-
2010 Aug 05 17:26:53,0 - /etc/shadow
2010 Aug 05 17:27:27,0 - /etc/ssh/sshd_config
2010 Aug 05 17:27:31,0 - /etc/passwd-
Changes for 2010 Aug 06:
2010 Aug 06 16:51:08,0 - /var/ossec/etc/ossec.conf
2010 Aug 06 16:55:18,0 - /etc/shadow-
2010 Aug 06 16:55:22,0 - /etc/shadow
2010 Aug 06 16:55:56,0 - /etc/ssh/sshd_config
2010 Aug 06 16:56:00,0 - /etc/passwd-
Any help will be appreciated.
Regards,
Anoop Mohan