You might be able to create rules to ignore alerts concerning files in /tmp or something, but I haven't played with rootcheck very much.
On Wed, Sep 15, 2010 at 5:49 PM, Josh Albright <[email protected]> wrote:
> Is it possible to turn off rootcheck for specific directories such as /tmp? I
> only see the “scanall” option which can be set to yes or no in the manual
> link below, but I don’t see any options to disable it on specific
> directories or file systems.
>
> http://www.ossec.net/main/manual/configuration-options/#rootcheck_options
>
> Thanks for your help!
>
> Thanks,
>
> Josh
>
> This email and the information included in this transmission are privileged
> and confidential and intended only for the recipient listed above. If you
> are not the intended recipient, please advise the sender immediately by
> reply e-mail and delete this message and any attachments without retaining a
> copy. If you are not the intended recipient, you are hereby notified that
> any disclosure, copying or distribution of this message, or the taking of
> any action based upon it, is strictly prohibited. Although this email and
> any attachments are believed to be free of any virus or other defects which
> might affect any computer or IT system into which they are received, neither
> Escalate Retail nor any of its affiliates shall be liable for any loss or
> damage arising in any way from the receipt or use thereof.
