I misunderstood; I thought you were talking about policy auditing within OSSEC relating to the OS. /var/log/secure alerting should suffice in correlating file changes.

On Friday, November 9, 2012 1:04:53 PM UTC-6, dan (ddpbsd) wrote:
>
> On Fri, Nov 9, 2012 at 1:45 PM, mcrane0 <[email protected]> wrote:
> > Can you elaborate on this? It is a UNIX environment, would this tell us
> > what user made changes to a file in conjunction with file integrity alerts?
> >
>
> No, I cannot. Consult your UNIX admin. You might also want to find out
> which UNIX you are using, I think that may play a role in answering
> your questions.
>
> > On Friday, November 9, 2012 12:13:53 PM UTC-6, dan (ddpbsd) wrote:
> >>
> >> On Fri, Nov 9, 2012 at 1:04 PM, mcrane0 <[email protected]> wrote:
> >> > Subject says it all. I'd like to know if it's possible to have Syscheck or
> >> > the File Integrity monitoring tools record what user made the change as part
> >> > of its alerting capabilities.
> >> >
> >> > Thanks!
> >>
> >> That's still not an option. You might be able to utilize the auditing
> >> functionality of your OS to log file changes and trigger alerts on
> >> those log messages.
