Hi,
I noticed a problem when I was looking at whether OSSEC can meet the PCI-DSS
requirements on detecting malicious modifications of log files (10.5.5). The
problem is that ossec-logcollector does it automatically and randomly, without
any user control over this behavior.
It would be appreciated to add some more control over the way log files are
checked against malicious modifications like size reduction or deletion. For
example, adding an option in the <localfile> section:
<localfile>
<log_format>syslog</log_format>
<check_type>[SIZE_REDUCTION | DELETION]</check_type>
<check_interval>60</check_interval>
<location>/var/log/auth.log</location>
</localfile>
Thank you
On Wed, Oct 26, 2011 at 2:21 PM, James M Pulver <[email protected]> wrote:
> The biggest problem for me was the need to write scripts to deploy the
> agents, specifically on Windows clients. I expect the new auth-d would work
> on Linux but didn't seem to be supported on Windows.
>
> The second thing for me is the difficulty of getting the logs viewable in
> some web based method, but that has been done (almost to death) in the
> ossec-wui thread.
>
> --
> James Pulver
> Information Technology Area Supervisor
> LEPP Computer Group
> Cornell University
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of Michael Starks
> Sent: Wednesday, October 26, 2011 7:01 AM
> To: ossec-list
> Subject: [ossec-list] 3WoO Day 4: What bugs you: problems, challenges and
> room for improvement.
>
> List the most annoying bugs. What makes OSSEC difficult to use? What is
> the biggest area for improvement? What are we missing? Any rules fp too
> much? Now is the time to get it all out.
>
> --
> Michael Starks
> [I] Immutable Security
> http://www.immutablesecurity.com
>
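The kind of check requested at the top of this message, sketched as an added example (not OSSEC code and not from any poster in this thread): a poller that compares a log file's inode and size at a fixed interval. The names `check_types` and `check_interval` mirror the options proposed in the message, which are a suggestion and not existing OSSEC settings; `LogWatch`, `Snap`, `take_snapshot` and `compare` are hypothetical names.

```python
import os
import time
from typing import NamedTuple, Optional

class Snap(NamedTuple):
    inode: int
    size: int

def take_snapshot(path: str) -> Optional[Snap]:
    """Return inode and size of path, or None if it does not exist."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    return Snap(st.st_ino, st.st_size)

def compare(prev: Optional[Snap], cur: Optional[Snap], check_types: set) -> list:
    """Compare two polls and return the names of the checks that fired."""
    if prev is None:  # no baseline yet (file was absent at the last poll)
        return []
    if cur is None or cur.inode != prev.inode:
        # File is gone or was replaced by a new one. Log rotation looks the
        # same, so correlate with the rotation schedule before escalating.
        return ["DELETION"] if "DELETION" in check_types else []
    if cur.size < prev.size:  # same file, fewer bytes: truncated in place
        return ["SIZE_REDUCTION"] if "SIZE_REDUCTION" in check_types else []
    return []

class LogWatch:
    """Hypothetical stand-in for one <localfile> entry with the proposed options."""
    def __init__(self, location: str, check_types, check_interval: int = 60):
        self.location = location
        self.check_types = set(check_types)
        self.check_interval = check_interval
        self.prev = take_snapshot(location)

    def poll(self) -> list:
        cur = take_snapshot(self.location)
        alerts = compare(self.prev, cur, self.check_types)
        self.prev = cur
        return alerts

    def run(self) -> None:
        while True:
            time.sleep(self.check_interval)
            for alert in self.poll():
                print(f"{time.strftime('%Y-%m-%dT%H:%M:%S')} {self.location}: {alert}")

if __name__ == "__main__":
    LogWatch("/var/log/auth.log", {"SIZE_REDUCTION", "DELETION"}, 60).run()
```

Polling size alone misses a truncation that is followed, within one interval, by enough new writes to exceed the previous size; a shorter interval narrows that window but does not close it.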