Hi Christopher,

I have a doubt: does the config file that syscheck takes as an argument have to be a separate config file? I mean, there will be 2 ossec.conf's, one as an argument for syscheck, and the other being the normal ossec.conf?

I tried the same today. I was using the following command:

/var/ossec/bin/ossec-syscheckd -c /etc/<directory-name>

But the same doesn't work. Any idea where I am going wrong?

Regards
Tanishk

>> syscheck has a "-c" option to specify a config file when it is run.
>>
>> You can try setting up a cron job that will run syscheck every 3 hours
>> and specify a control file that contains the list of the 3 files you
>> want to check. Put the other files in the ossec.conf file.
>>
>> Just a thought, I haven't tried this.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
Sent: Thursday, December 09, 2010 3:17 AM
To: [email protected]
Subject: Re: [ossec-list] Running Integrity Checking at different Instances

Good points.

On Wed, Dec 8, 2010 at 4:40 PM, Vitaly Nikolaev <[email protected]> wrote:
>
> If intruder shut down OSSEC - you will get notification.
>
> cron job will defeat the idea of having centralized configuration
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp)
> Sent: Wednesday, December 08, 2010 4:35 PM
> To: [email protected]
> Subject: Re: [ossec-list] Running Integrity Checking at different Instances
>
> On Wed, Dec 8, 2010 at 4:31 PM, Vitaly Nikolaev <[email protected]> wrote:
>>
>> cron job on server or agent? If second then it can be disabled by...
>> intruder and thus "less secure"
>>
>
> It would be on the agent. And an intruder could just shut down OSSEC.
>
>>
>> From: [email protected] [mailto:[email protected]]
>> On Behalf Of Christopher Moraes
>> Sent: Wednesday, December 08, 2010 4:23 PM
>> To: [email protected]
>> Subject: Re: [ossec-list] Running Integrity Checking at different
>> Instances
>>
>> syscheck has a "-c" option to specify a config file when it is run.
>>
>> You can try setting up a cron job that will run syscheck every 3 hours
>> and specify a control file that contains the list of the 3 files you
>> want to check. Put the other files in the ossec.conf file.
>>
>> Just a thought, I haven't tried this.
>>
>> On Wed, Dec 8, 2010 at 3:57 PM, tanishk lakhaani
>> <[email protected]>
>> wrote:
>>
>> Hi People !!!
>>
>> Can we tweak OSSEC to run integrity checking for different files at
>> different instances? I mean to say: suppose I have 6 files to monitor
>> for integrity checking. I want the integrity checking on 3 of
>> them to be every 3 hours, whereas for the rest to be every 10 hours.
>>
>> Any idea if I can tweak it like this?
>>
>> Regards
>>
>> Tanishk
>>
>> ________________________________
>> This message (including attachments) is private and confidential. If
>> you have received this message in error, please notify us and remove
>> it from your system.
