Please ignore my previous email. I got an email stating that you would return on 27/12/2011. Therefore, I tried doing a few things again. I changed a few settings in ossec.conf, but it's nearly the same as the default settings.

Before I tried any of the commands below, I used

    #touch /bin/ls
    #touch /bin/ps

then I performed

    #/var/ossec/bin/ossec-syscheckd start

then I went to see the log file

    #tail /var/ossec/logs/ossec.log

and I saw that it was scanning. I could see in the log file that it was monitoring directories and then started syscheck database and then started syscheck rootcheck scan.

The thing I don't understand is why, unlike Aide and Samhain, I am not able to perform a scan and then get notifications of the changes that I had made. I didn't even get any log message in alerts.log. I am confused. I just want to test if OSSEC can successfully detect rootkits and file tampering, and then report or notify when I perform a scan. I would really appreciate it if anyone could help me.

On Sun, Dec 25, 2011 at 12:51 PM, metal <[email protected]> wrote:
> Hello, I am a newbie and I just installed OSSEC local in my VMware.
> I have read most of the rules and how it works, but for the time being I
> would like to try it on my default configuration.
>
> I have been trying to run a scan on my Ubuntu server but I am not
> able to do that. I have searched but I can only find how to do
> it on an agent.
>
> I have installed a rootkit on my Ubuntu server and I have modified ls.
> Now I just want to detect those changes, but I am not able to run a
> scan which would eventually scan and notify me about changes.
>
> I have started my ossec-control and after that I'm hopeless; I didn't
> understand what to do. I just find information on agents and server.
> Please do help me.
