On Wed, Dec 15, 2010 at 2:15 PM, carlopmart <[email protected]> wrote: > On 12/15/2010 08:10 PM, dan (ddp) wrote: >> >> On Wed, Dec 15, 2010 at 1:38 PM, carlopmart<[email protected]> wrote: >>> >>> On 12/15/2010 07:14 PM, [email protected] wrote: >>>> >>>> And the answer is E >>>> >>>> But I did remove some functionality from the server side >>>> >>>> I'm writhing a doc on it for the deployment team But basicali remove >>>> In ossec.conf the services you don’t want doubled up >>>> >>>> But first I installed the server in /opt/ossec-server >>>> Then did same install has agent in /opt/opt/ossec-agent >>>> >>>> Next started the server >>>> Then added the agent using mange agent on the server side >>>> >>>> Up t'il now no conflicts some tweaking of of the conf file >>>> To remove or add functionality >>>> >>>> But all this is in test mode to see if ossec will meet the >>>> Requirements of the Torquemada of this world(corp. security) >>>> >>>> Good luck >>>> Dan >>>> >>> >>> Thanks Dan. >>> >>> I have installed ossec as a server disabling rootchek, syscheck and >>> active >>> response. But when I launch ossec init script syscheckd is started. How >>> can >>> I prevent to start syscheckd?? >>> >>> Thanks. >>> -- >>> CL Martinez >>> carlopmart {at} gmail {d0t} com >>> >> >> I think, in the syscheck section, you can add >> <disabled>yes</disabled>. I don't see it in the documentation, but I >> see references in the source to it (which I can't dig into very much). >> I kind of remember there being a similar optionf or rootcheck. >> > > I have tried it, and doesn't works. Syscheckd is started ... > > > -- > CL Martinez > carlopmart {at} gmail {d0t} com >
But does it do anything? If the process runs but doesn't do anything does it matter that it runs? You can also stop it from running by modifying the ossec-control script. It's an easy little hack.
