On Wed, Jul 10, 2013 at 2:07 PM, Kai <[email protected]> wrote:
> Hi,
>
> I am trying to monitor the integrity of the file: /etc/ssh/sshd_config with
> the following configuration in ossec.conf at the client side:
>
> <directories check_all="yes" realtime="yes"
> report_changes="yes">/etc/ssh</directories>
>
> after restart agent, I tried to modify the content of /etc/ssh/sshd_config
> but no alert was notified.
>
> I also installed both inotify-tools and inotify-tools-devel from epel repo.
> I'm using amazon linux
>
> Anything wrong here?
>
Are you sure syscheckd was compiled with inotify support? Was a baseline scan already done? I don't think realtime does much without the initial baseline. If a syscheck scan runs, do you get the alert?

> --
> Best regards,
>
> Duong Pham
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
