Hey guys, So I am researching something for our sysengs working on HPUX. We need to be able to audit a particular configuration file (or more) where a debugging flag can be added (which in turn would begin outputting files containing sensitive data to another directory on the system).
Essentially, we want to be alerted if this debugging flag is ever turned on. The first thought was if there is an audit tool equivalent for HPUX (auditd or snoopy) but the syseng mentioned not as far as he knows, so that's not an immediate option. Is it possible to use OSSEC for this purpose? The only thing I can think of is using syscheck, with the 'report changes' option on, and then sending out an alert whenever the "debug" keyword is seen. But I'm not sure that would even be possible. Can anyone shed some light or offer suggestions?
