Thanks for the information and great answers
Matthew Ayres
ProObject Systems Administrator
[email protected]
PH 410-993-1699
FAX 410-993-1691
_____
From: dan (ddp) [mailto:[email protected]]
To: [email protected]
Sent: Thu, 02 Dec 2010 16:08:48 -0500
Subject: Re: [ossec-list] I have some questions about the operation OSSEC
On Thu, Dec 2, 2010 at 3:54 PM, Matthew Ayres <[email protected]> wrote:
> Question #1
> How often are the rootkit signatures updated, and how can I get a
> report on them being updated or update them myself?
>
Updates are put out with releases. Intermediate snapshots are
occasionally created, and have been pretty stable in my experience.
They're another option, but YMMV.
> Question #1
> Syscheck: how does that work exactly? What I am wondering is, every
> time I run an update some files are going to change. If I update all my systems
> at one time then I am going to get a lot of alerts of changed files. Is
> there a way to have a base system that it checks the files against? Or is it
> smart enough to see that the file has changed everywhere and assume it is an
> update?
>
You'll get a lot of alerts.
> Thanks for your help
>
> Matthew Ayres
> ProObject Systems Administrator
> [email protected]
> PH 410-993-1699
> FAX 410-993-1691