I believe Syscheck checks files only; it does not check directory name or permission changes.
On Tuesday, March 4, 2014 7:41:34 AM UTC-8, Abhi T wrote:
>
> Hi,
>
> I am using OSSEC to monitor a particular directory for changes. It's working wonderfully for all the files in that directory (including files in sub-directories). Getting reports on file addition, deletion etc.
>
> Another thing which I would like to have is to get reports on directory (addition, deletion, rename) and permissions changes on a directory. Currently, OSSEC seems to be reporting for these changes only on a file level. Is that by design? Or could I be missing something in the configuration?
>
> I have added following items:
>
> <directories check_all="yes" realtime="yes" report_changes="yes">Directory Path</directories>
> <alert_new_files>yes</alert_new_files>
>
> Following added to local rules:
>
> <rule id="100101" level="10">
>   <if_sid>554</if_sid>
>   <category>ossec</category>
>   <decoded_as>syscheck_new_entry</decoded_as>
>   <description>File added to the system.</description>
>   <group>syscheck,</group>
> </rule>
>
> It's working perfectly for files, but no alert on directories (add, delete, rename). Any help / suggestions would be appreciated.
>
> Much Thanks..
>
> ~ Abhi
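
The directory-level events asked about in this thread (addition, deletion, rename, permission changes) can be detected by comparing snapshots of directory metadata. The following is an added example, not part of the thread and not OSSEC code; the names `snapshot_dirs` and `diff_dirs` are hypothetical, and rename detection assumes inode numbers are not reused between the two snapshots.

```python
import os
import stat
import tempfile

def snapshot_dirs(root):
    """Record (inode, mode bits, uid, gid) for every directory under root."""
    snap = {}
    for path, _dirs, _files in os.walk(root):  # symlinked dirs are not followed
        st = os.lstat(path)
        snap[os.path.relpath(path, root)] = (
            st.st_ino, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return snap

def diff_dirs(old, new):
    """Compare two snapshots and return a sorted list of event tuples."""
    events = []
    old_inodes = {meta[0]: path for path, meta in old.items()}
    new_inodes = {meta[0] for meta in new.values()}
    for path, meta in new.items():
        if path in old and old[path][0] == meta[0]:
            if old[path][1:] != meta[1:]:  # mode, uid or gid differs
                events.append(("perm_changed", path,
                               oct(old[path][1]), oct(meta[1])))
        elif path in old:
            events.append(("replaced", path))  # same name, different inode
        elif meta[0] in old_inodes:
            # Known inode under a new path: report as a rename/move.
            events.append(("renamed", old_inodes[meta[0]], path))
        else:
            events.append(("added", path))
    for path, meta in old.items():
        if path not in new and meta[0] not in new_inodes:
            events.append(("deleted", path))
    return sorted(events)

if __name__ == "__main__":
    # Constructed sample tree in a temporary directory.
    root = tempfile.mkdtemp()
    for name in ("old_name", "locked", "gone"):
        os.mkdir(os.path.join(root, name))
    os.chmod(os.path.join(root, "locked"), 0o755)
    before = snapshot_dirs(root)
    os.mkdir(os.path.join(root, "fresh"))
    os.rename(os.path.join(root, "old_name"), os.path.join(root, "new_name"))
    os.chmod(os.path.join(root, "locked"), 0o700)
    os.rmdir(os.path.join(root, "gone"))
    for event in diff_dirs(before, snapshot_dirs(root)):
        print(event)
```

Renaming a parent directory changes the path of every directory beneath it, so each child is reported as renamed as well.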
