Hello, is there any chance configure OSSEC to make every log only appendable? Eg. setup automatically chattr -a for active logs and chattr -i for archive ? Because then If I remove CAP_LINUX_IMMUTABLE rights for root (until reboot) maybe I could cover more items in PCI scope. Thanks for any advice/suggestions
Vasek
