> what user:group is supposed to own agent.conf.

agent.conf should be root:ossec. Read and write is irrelevant since you can always overwrite (since you are logged in as root).

> If I edit local_rules.xml, local_decoder.xml, or agent.conf, what user should I be modifying these files as?

Short answer: root. I believe you can only access the ossec folder if you are signed in as root.

Here are my permissions for decoder.xml and local_rules.xml:

    ls -alt /opt/ossec/etc
    -rw-r----- 1 root ossec 100808 Aug 12 12:48 decoder.xml

    ls -alt /opt/ossec/rules
    -rw-r----- 1 root ossec 11495 Aug 12 10:55 local_rules.xml

agent.conf should have the same permissions:

    -rw-r----- 1 root ossec

Don't worry too much about the read and write permissions, you can always :wq! (overwrite) in vi after changes.
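
Added example, not part of the original message: a shell check that reports when a file's owner, group or mode differs from the root:ossec, -rw-r----- (640) values given above. The function names check_file and audit are made up for this example, and it assumes GNU stat (stat -c).

```shell
#!/bin/sh
# Audit owner, group and mode of OSSEC config files.
# Expected values root:ossec and 640 (-rw-r-----) come from the thread;
# check_file and audit are hypothetical helper names.

# check_file PATH OWNER GROUP MODE
# Prints one status line. Returns 0 on match, 1 on drift, 2 if unreadable/missing.
check_file() {
    path=$1; want_owner=$2; want_group=$3; want_mode=$4
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 2
    fi
    # %U = owner name, %G = group name, %a = octal mode (GNU stat)
    actual=$(stat -c '%U:%G %a' "$path") || return 2
    expected="$want_owner:$want_group $want_mode"
    if [ "$actual" = "$expected" ]; then
        echo "OK      $path ($actual)"
        return 0
    fi
    echo "DRIFT   $path is $actual, expected $expected"
    return 1
}

# audit OWNER GROUP MODE FILE...
# Returns the number of files that are missing or have drifted.
audit() {
    owner=$1; group=$2; mode=$3; shift 3
    bad=0
    for f in "$@"; do
        check_file "$f" "$owner" "$group" "$mode" || bad=$((bad + 1))
    done
    return "$bad"
}

# When given file arguments, audit them against the thread's values, e.g.:
#   sh audit.sh /opt/ossec/etc/decoder.xml /opt/ossec/rules/local_rules.xml
if [ "$#" -gt 0 ]; then
    audit root ossec 640 "$@"
fi
```

Run it as root after editing, since a file saved by another user or with a different umask shows up as DRIFT.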
