Hi List,
Just joined and have a scenario I need to crack ...
1. Ossec monitors file system file integrity.
2. Change control system updates files e.g. /etc/passwd
3. Change control system notifies ossec of new files to update md5/sha1
checksums BUT not alert because is authorized change.
(that's the gist ... it a lot more complicated on the auth side but for
this illustration its enough)
Does anyone run a similar installation as the above? Does ossec have a
command line call you update a file but not alert?
Many thanks
/Nick
