The rootcheck files? Yes, they are. # pwd shows that all of them exist in the /shared
The # /var/adm do not - those are geared torwards Solaris Sun boxes and the agent I am testing it on is RHEL5. Not sure what the rootkit messages are. On Wednesday, June 19, 2013 5:08:22 PM UTC-4, David Blanton wrote: > > If I have a <directories check_all="yes">/usr/local/bin,/sbin</directories> > > and <ignore>/opt/lampp</ignore> within my ossec.conf file (for example), > does that mean that my agents will > > not abide by these rules? Are they only local rules for my OSSEC Server? > > Do these have to be specifically addressed for each agent, with their OS, > name, ect. within agent.conf in order > > for agents to either ignore certain directories or check certain files and > directories? > > > The OSSEC 2.7 documentation and book does not specifically make any of > these things clear. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
