Hi, how can I know that I compiled with inotify properly? Does any compilation log or anything reveal that?
After I had installed inotify-tools and inotify-tools-devel (both are x86_64 libraries), I re-compiled ossec. inotify-tools works well on my system.

On Thursday, July 11, 2013 1:16:13 AM UTC+7, dan (ddpbsd) wrote:
> On Wed, Jul 10, 2013 at 2:07 PM, Kai <[email protected]> wrote:
> > Hi,
> >
> > I am trying to monitor the integrity of the file: /etc/ssh/sshd_config with
> > the following configuration in ossec.conf at the client side:
> >
> > <directories check_all="yes" realtime="yes" report_changes="yes">/etc/ssh</directories>
> >
> > After restarting the agent, I tried to modify the content of /etc/ssh/sshd_config
> > but no alert was notified.
> >
> > I also installed both inotify-tools and inotify-tools-devel from the EPEL repo.
> > I'm using Amazon Linux.
> >
> > Anything wrong here?
> >
>
> Are you sure syscheckd was compiled with inotify support?
> Was a baseline scan already done? I don't think realtime does much
> without the initial baseline.
> If a syscheck scan runs, do you get the alert?
>
> > --
> > Best regards,
> >
> > Duong Pham
