Is this something people would be interested in if we put some dev time into it? We would create some kind of change daemons for both Linux puppet style change control systems and Windows SCCM change control system. (exact details to be fleshed out if the interest is there)
Regards /nick -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp) Sent: Wednesday, September 07, 2011 6:46 PM To: [email protected] Subject: Re: [ossec-list] OSSEC syscheckd and Change Control Systems There's currently no way to do this. On Wed, Sep 7, 2011 at 12:26 PM, Nick Green <[email protected]> wrote: > Hi List, > > Just joined and have a scenario I need to crack ... > > 1. Ossec monitors file system file integrity. > 2. Change control system updates files e.g. /etc/passwd 3. Change > control system notifies ossec of new files to update md5/sha1 > checksums BUT not alert because is authorized change. > > (that's the gist ... it a lot more complicated on the auth side but > for this illustration its enough) > > Does anyone run a similar installation as the above? Does ossec have a > command line call you update a file but not alert? > > > Many thanks > > /Nick
