Re: [ossec-list] Detecting new files, and running a custom shared/rootkit.txt check against them

Michael Starks Sat, 07 May 2011 08:58:07 -0700

On 05/07/2011 04:51 AM, frankstefan wrote:

Hi.


Scenario:

A user uploads evil.file to /home/shared/webusers/username OSSEC then
will detect a new file in /home/shared/webusers and run a custom
syscheck/rootcheck against the newly added files

Can I do this?

What do you want the custom rootcheck/syscheck to do, besides what itwould ordinarily do?

Re: [ossec-list] Detecting new files, and running a custom shared/rootkit.txt check against them

Reply via email to