On Dec 12, 2012 2:58 AM, "Vaclav Adamec" <[email protected]> wrote: > > Hello, > is there any chance configure OSSEC to make every log only appendable? Eg. setup automatically chattr -a for active logs and chattr -i for archive ? Because then If I remove CAP_LINUX_IMMUTABLE rights for root (until reboot) maybe I could cover more items in PCI scope. Thanks for any advice/suggestions > > Vasek
There's no option in ossec to do that. But you don't need ossec to do that, most unixy systems provide those capabilities.
