On 05/07/2011 11:00 AM, Frank Stefan Sundberg Solli wrote:
Hi Michael, thanks for replying.Normally (I think?) rootcheck only checks specified files, while i want it to check a custom directory recursively and check for signatures that ive written and do it live.
You could set up an active response based on the rule which detects the new file added. That response can then run rootcheck: http://www.ossec.net/main/rootcheck
