Hi Chad, On Wed, Feb 23, 2011 at 3:08 PM, Chad Hammond <[email protected]> wrote: > I see this and what I am understanding is I would get an alert if new files > were created correct? I would also like an alert if files were deleted and by > who. >
You can get alerts for new files and for files being deleted (moved, deleted, whatever). Unless you can setup the operating system to keep track of who deleted the file, OSSEC won't be able to tell you. Find out how to get your OS to tell OSSEC who deleted the file, and we can help you create an alert for it. dan > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Jason 'XenoPhage' Frisvold > Sent: Wednesday, February 23, 2011 12:51 PM > To: [email protected] > Subject: Re: [ossec-list] File and folder monitoring > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 02/23/2011 01:12 PM, Chad Hammond wrote: >> How do I setup file and folder monitoring on a directory? >> >> Any help with this would be greatly appreciated. > > Add a syscheck section to your ossec.conf and/or agent.conf file : > > <syscheck> > <frequency>7200</frequency> > > <auto_ignore>no</auto_ignore> > <alert_new_files>yes</alert_new_files> > > <directories check_all="yes">/etc</directories> > <syscheck> > > >> Chad Hammond > > - -- > - --------------------------- > Jason 'XenoPhage' Frisvold > [email protected] > - --------------------------- > "Any sufficiently advanced magic is indistinguishable from technology." > - - Niven's Inverse of Clarke's Third Law > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.16 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk1lVzAACgkQ8CjzPZyTUTQ1NgCgpcXbhIpIvSRYT0yfnMqF1tzB > nkMAoKL1DDux85mdiM/RQfl9fuk5jisV > =IQFp > -----END PGP SIGNATURE----- > > Chad Hammond > Systems Administrator > Northland Group > 7831 Glenroy Rd > Edina, MN 55439 > Direct 952-837-0625 > > -------------------------------------------------------------------------- > THIS MESSAGE, INCLUDING ANY ATTACHMENTS, IS CONFIDENTIAL AND PROPRIETARY, > AND MAY CONTAIN PRIVILEGED INFORMATION. IF YOU HAVE RECEIVED THIS > TRANSMISSION IN ERROR, PLEASE NOTIFY THE SENDER BY RETURN E-MAIL AND DELETE > THIS MESSAGE FROM YOUR SYSTEM. ANY UNAUTHORIZED USE OF THIS MESSAGE, IN WHOLE > OR IN PART, IS STRICTLY PROHIBITED. PLEASE NOTE THAT EMAILS ARE SUSCEPTIBLE > TO TAMPERING. NORTHLAND GROUP, INC. SHALL NOT BE LIABLE FOR THE IMPROPER OR > INCOMPLETE TRANSMISSION OF THE INFORMATION CONTAINED IN THIS COMMUNICATION, > NOR FOR ANY DELAY IN ITS RECEIPT OR DAMAGE TO YOUR SYSTEM. NORTHLAND GROUP, > INC. DOES NOT GUARANTEE THAT THE INTEGRITY OF THIS COMMUNICATION HAS BEEN > MAINTAINED, NOR THAT THIS COMMUNICATION IS FREE FROM VIRUSES, INTERCEPTIONS > OR INTERFERENCE >
