Absolutely! I'm not a coder, but can help test. Patrick Swartz
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Nick Green Sent: Monday, September 12, 2011 5:57 AM To: [email protected] Subject: RE: [ossec-list] OSSEC syscheckd and Change Control Systems Is this something people would be interested in if we put some dev time into it? We would create some kind of change daemons for both Linux puppet style change control systems and Windows SCCM change control system. (exact details to be fleshed out if the interest is there) Regards /nick -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of dan (ddp) Sent: Wednesday, September 07, 2011 6:46 PM To: [email protected] Subject: Re: [ossec-list] OSSEC syscheckd and Change Control Systems There's currently no way to do this. On Wed, Sep 7, 2011 at 12:26 PM, Nick Green <[email protected]> wrote: > Hi List, > > Just joined and have a scenario I need to crack ... > > 1. Ossec monitors file system file integrity. > 2. Change control system updates files e.g. /etc/passwd 3. Change > control system notifies ossec of new files to update md5/sha1 > checksums BUT not alert because is authorized change. > > (that's the gist ... it a lot more complicated on the auth side but > for this illustration its enough) > > Does anyone run a similar installation as the above? Does ossec have a > command line call you update a file but not alert? > > > Many thanks > > /Nick ----------------------------------------- The information in this message may be proprietary and/or confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify First Data immediately by replying to this message and deleting it from your computer.
