Hi,

We are progressing with the OSSEC deployment for our management systems, and would 
like to know a few typical configurations and use cases to enable alerting. 
These are a few configurations and tests we thought of:


   1. Create a new file under each of the directories /etc, /usr/bin, 
   /usr/sbin.
   2. Delete an existing file (the file created above) from /etc.
   3. Modify file permissions in a directory (/etc).
   4. Rename a file to a different name under a directory (/etc).
   5. Stop the iptables firewall in the client VM running the OSSEC agent.
   6. Create a new user in the client VM running the OSSEC agent.
   7. Modify a configuration file under /etc (example: /etc/passwd).
   8. Access the client VM from a different ssh shell with a wrong password.
   
    Could you share what more we can try here?

Thanks!


