Are you referring to agent_control to kick off syscheck/rootcheck?
I'm also trying to play around with the actual rootcheck binary (./ossec-rootcheck) to accomplish the same thing; I seem to be having issues getting it to recognize the test file I'm working with. I'll have to play with it more.

On Wed, Jun 15, 2011 at 12:37 PM, dan (ddp) <[email protected]> wrote:
> You could use a command for this, and run it as often as you like.
>
> On Wed, Jun 15, 2011 at 12:46 PM, jplee3 <[email protected]> wrote:
> > Hey guys,
> >
> > So I am researching something for our sysengs working on HPUX. We need
> > to be able to audit a particular configuration file (or more) where a
> > debugging flag can be added (which in turn would begin outputting
> > files containing sensitive data to another directory on the system).
> >
> > Essentially, we want to be alerted if this debugging flag is ever
> > turned on.
> >
> > The first thought was if there is an audit tool equivalent for HPUX
> > (auditd or snoopy) but the syseng mentioned not as far as he knows, so
> > that's not an immediate option.
> >
> > Is it possible to use OSSEC for this purpose? The only thing I can
> > think of is using syscheck, with the 'report changes' option on, and
> > then sending out an alert whenever the "debug" keyword is seen. But
> > I'm not sure that would even be possible.
> >
> >
> > Can anyone shed some light or offer suggestions?
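
The scheduled-command approach suggested in the thread needs a command whose output changes when the flag is turned on. The script below is an added example of such a check, not code from the thread or from the OSSEC project; the `key = value` file format, the flag name `debug`, the list of enabled values and the function names are all assumptions.

```shell
#!/bin/sh
# Added example: one-line status of a debug flag, for a scheduled command check.
# Assumptions (not from the thread): "key = value" lines, "#" starts a comment,
# the flag is named "debug", and on/true/yes/1 mean enabled.

debug_flag_state() {
    file=$1
    key=${2:-debug}
    if [ ! -r "$file" ]; then
        # A missing or unreadable file is reported too, so it cannot hide the flag.
        echo "debugcheck: $file unreadable"
        return 0
    fi
    awk -v key="$key" '
        {
            line = $0
            sub(/#.*/, "", line)                 # ignore commented-out settings
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1)
            v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)       # trim both sides
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            # Any active enabling line counts, even if a later line disables it.
            if (!hit && tolower(k) == tolower(key) && tolower(v) ~ /^(on|true|yes|1)$/) {
                hit = NR
            }
        }
        END {
            if (hit) {
                print "debugcheck: " key " ENABLED at line " hit
            } else {
                print "debugcheck: " key " disabled"
            }
        }
    ' "$file"
}

demo() {
    # Constructed sample config, not taken from any real system.
    tmp=${TMPDIR:-/tmp}/debugcheck.$$
    printf '%s\n' '# sample' 'loglevel = info' '#debug = on' 'Debug = ON  # left on' > "$tmp"
    debug_flag_state "$tmp"
    rm -f "$tmp"
}

if [ $# -gt 0 ]; then debug_flag_state "$@"; else demo; fi
```

The single output line can be collected with OSSEC's `command` log format in a `<localfile>` entry and matched by a local rule on the word `ENABLED`.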
