If an attacker manages to enter the machine and gain privileged access, they can read the configuration files if OSSEC is installed as local. Thus, you can use a directory or file that is not monitored to carry out the attack, or even modify the rules file.

On 22-03-2012 18:16, Nelson, James wrote:
>
> The vast majority of log data is not encrypted to begin with, so how
> do you figure it's a vulnerability? At most, transmission between
> agent and master could be considered vulnerable but you can set it up
> to use secure transmission which would be encrypted.
>
> James
>
> ------------------------------------------------------------------------
>
> *From:* [email protected]
> [mailto:[email protected]] *On Behalf Of* Michel Henrique
> Aquino Santos
> *Sent:* Thursday, March 22, 2012 3:54 PM
> *To:* [email protected]
> *Subject:* Re: [ossec-list] Database and File rules encrypted?
>
> Thanks for the reply. This is not good because it creates a
> vulnerability in the system.
>
> Regards.
>
> On 22-03-2012 17:33, dan (ddp) wrote:
>
> Neither are encrypted in OSSEC.
>
> On Thu, Mar 22, 2012 at 4:22 PM, Michel Henrique Aquino Santos
> <[email protected]> wrote:
>> Hello,
>>
>> I'm doing a paper on university study (Federal University of Lavras - UFLA
>> - www.ufla.br), comparing four tools for checking
>> integrity of files
>> (Tripwire, OSSEC, AIDE and Samhain).
>> I need some information about the tool OSSEC.
>> Is the generated database (snapshot) encrypted? Is the rules file encrypted?
>>
>> Sorry for my English, I cannot write correctly.
>> I await a response.
>> Thank you!
>>
>> --
>> Regards,
>>
>> Michel Henrique Aquino Santos
>> Bachelor's Degree in Computer Science
>> Universidade Federal de Lavras - UFLA
>> Skype: michel_has
>> Gtalk: michel.has
>> [email protected]
>>
>> Linux User # 496756
>>
>> http://resolvidoslinux.blogspot.com/

--
Regards,

*Michel Henrique Aquino Santos*
Bachelor's Degree in Computer Science
Universidade Federal de Lavras - UFLA
Skype: michel_has
Gtalk: michel.has
[email protected]

Linux User # 496756

http://resolvidoslinux.blogspot.com/
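
An added example, not part of the original thread and not OSSEC's own code: a defender-side check of which critical paths a syscheck configuration actually covers, including OSSEC's own configuration and rules, which the message above worries an intruder could alter. The sample `ossec.conf`, the `/var/ossec` install prefix and the list of paths to audit are assumptions.

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample configuration (an assumption, not taken from the thread).
SAMPLE_CONF = """
<ossec_config>
  <syscheck>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <ignore>/etc/mtab</ignore>
  </syscheck>
</ossec_config>
<ossec_config>
  <syscheck>
    <directories check_all="yes">/var/ossec/etc</directories>
  </syscheck>
</ossec_config>
"""

def parse_syscheck(conf_text):
    """Return (monitored, ignored) path lists from ossec.conf text."""
    # ossec.conf may hold several <ossec_config> blocks, which is not
    # well-formed XML on its own, so wrap them in one synthetic root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    monitored, ignored = [], []
    for sc in root.iter("syscheck"):
        for d in sc.findall("directories"):
            monitored += [posixpath.normpath(p.strip())
                          for p in (d.text or "").split(",") if p.strip()]
        for i in sc.findall("ignore"):
            # Regex-type ignores are out of scope for this prefix check.
            if not i.get("type") and (i.text or "").strip():
                ignored.append(posixpath.normpath(i.text.strip()))
    return monitored, ignored

def under(path, base):
    """True if path is base itself or lies below it (whole components)."""
    return path == base or path.startswith(base.rstrip("/") + "/")

def coverage(path, monitored, ignored):
    """Classify a path as 'monitored', 'ignored' or 'unmonitored'."""
    path = posixpath.normpath(path)
    if any(under(path, i) for i in ignored):
        return "ignored"
    if any(under(path, m) for m in monitored):
        return "monitored"
    return "unmonitored"

def audit(conf_text, critical_paths):
    monitored, ignored = parse_syscheck(conf_text)
    return {p: coverage(p, monitored, ignored) for p in critical_paths}
```

With the sample above, the rules directory comes back `unmonitored` while the configuration directory is covered, which is the kind of gap worth closing or watching from a separate host.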
