Not sure what platform you're on, but we build an RPM package and set any important configuration files up with the config(noreplace) directive to prevent them from being overwritten on updates.
On Wed, Oct 20, 2010 at 1:49 PM, McClinton, Rick < [email protected]> wrote: > From: [email protected] [mailto:[email protected]] On > Behalf Of Derek Morris > Sent: Wednesday, October 20, 2010 2:11 PM > To: [email protected] > Subject: Re: [ossec-list] Day 4: What bugs you: problems, challenges and > room for improvement. > > I would have to say the Upgrade process. I have to do a diff on numerous > rules files that i have edited and takes quite a bit of pain staking work to > complete. > === > > Maybe I'm not as extensive in my modifications, for example, I have never > written a decoder, but I feel this is a process issue for you. I keep my > rules in local_rules.xml. If I want to modify a 'stock' rule I copy it to > local_rules.xml and use the 'overwrite=yes' option. I've never had anything > but the most smoothness during upgrades. > Don't modify the default OSSEC files; they don't belong to you, they belong > to dcid :) > > > > > > > This message contains TMA Resources confidential information and is > intended only for the individual named. If you are not the named addressee > you should not disseminate, distribute or copy this e-mail. Please notify > the sender immediately by e-mail if you have received this e-mail by mistake > and delete this e-mail from your system. E-mail transmission cannot be > guaranteed to be secure or error-free as information could be intercepted, > corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. > The sender therefore does not accept liability for any errors or omissions > in the contents of this message which arise as a result of e-mail > transmission. If verification is required please request a hard-copy > version. >
