Hi! We recently installed OSSEC in order to comply with integrity checking
standards. The computer we're interested in monitoring scans checks on a
daily basis and processes financial information. I am obviously new to
OSSEC, but I managed to install a virtual appliance server and then an
agent on the computer of interest (Windows XP). I have been reading the
documentation, but I'm still having trouble with a few things and I'm
extremely confused as to how to proceed. The server successfully connects
to the agent. My problem lies in the configuration.
First, what configuration file am I interested in modifying? The one on the
server, or the one in the agent? On the server side, do I modify ossec.conf
or agent.conf?
Also, we weren't given any information on the specific files or logs we
needed to monitor. The computer, as mentioned before, scans checks and
credit card information, and regularly has access to bank portals. How do I
configure OSSEC to deal with this specific case? I don't know what section
to modify, what files to look at, and what information to report on. If you
have any specific examples, I would really appreciate it.
Also, we haven't been receiving any email notifications of any sort. We're
using a public smtp address, since our mail server requires authentication
and we didn't know how to address this with OSSEC. Our configuration looks
as follows:
<global>
<email_notification>yes</email_notification>
<email_to>[email protected]</email_to>
<smtp_server>207.115.36.26</smtp_server>
<email_from>[email protected]</email_from>
</global>
I apologize for the multiple questions. I'm trying to take advantage of all
the capabilities of such an amazing tool. Thank you!
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
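As an added illustration (not part of the original post or of OSSEC's shipped configuration), the fragment below shows the split the poster is asking about. Centralized settings for agents live in agent.conf on the server (pushed to every agent, matched here by the os attribute), while mail delivery and the alert threshold live in the server's ossec.conf. The Windows paths under `<directories>` are hypothetical placeholders for the check-scanning software's output and configuration folders; the real paths depend on that application and should be substituted. The smtp_server value is a placeholder for a local relay on the OSSEC server: OSSEC's mail daemon has no SMTP authentication support, so the usual arrangement is an unauthenticated relay on localhost that in turn authenticates to the corporate mail server.

```xml
<!-- /var/ossec/etc/shared/agent.conf on the OSSEC server (pushed to agents) -->
<agent_config os="Windows">
  <syscheck>
    <!-- Full scan every 6 hours; realtime catches changes between scans -->
    <frequency>21600</frequency>
    <scan_on_start>yes</scan_on_start>

    <!-- Placeholder paths for the check-scanning application (assumed, not real) -->
    <directories check_all="yes" realtime="yes">C:\CheckScanApp</directories>
    <directories check_all="yes" realtime="yes">C:\CheckScanApp\Config</directories>

    <!-- Core OS locations that matter on any Windows host -->
    <directories check_all="yes">%WINDIR%\System32\drivers\etc</directories>
    <directories check_all="yes">%WINDIR%\System32\drivers</directories>

    <!-- Persistence points in the registry -->
    <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</windows_registry>
    <windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce</windows_registry>
    <windows_registry>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services</windows_registry>

    <!-- Noisy, constantly rewritten paths (placeholder log folder for the app) -->
    <ignore>C:\CheckScanApp\Logs</ignore>
    <ignore type="sregex">.log$|.tmp$</ignore>
  </syscheck>
</agent_config>

<!-- /var/ossec/etc/ossec.conf on the OSSEC server (mail and thresholds) -->
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <email_to>[email protected]</email_to>
    <!-- Placeholder: local relay on the OSSEC server, since OSSEC cannot authenticate to SMTP -->
    <smtp_server>127.0.0.1</smtp_server>
    <email_from>[email protected]</email_from>
    <email_maxperhour>30</email_maxperhour>
  </global>

  <alerts>
    <log_alert_level>1</log_alert_level>
    <!-- Only alerts at this level or above are mailed; default syscheck rules are level 7 -->
    <email_alert_level>7</email_alert_level>
  </alerts>

  <!-- Send every syscheck (integrity) alert to the finance mailbox regardless of level -->
  <email_alerts>
    <email_to>[email protected]</email_to>
    <group>syscheck</group>
    <do_not_delay />
  </email_alerts>
</ossec_config>
```

After editing agent.conf, restart the server so the shared configuration is pushed; the agent picks it up on its next check-in. A quick way to confirm that mail is the problem rather than the rules is to look for syscheck entries in the server's alerts log first: if file changes are being recorded there but no mail arrives, the issue is the SMTP path, not the integrity monitoring.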