On Mon, Nov 24, 2014 at 9:10 AM, <[email protected]> wrote:
> Hello,
>
> Technical environment:
> OS: CentOS 6.4
> Ossec version: 2.7.1
>
> I am currently encountering an issue with syscheck integrity. I am trying to
> check the owner, group and permissions for several directories (/root for
> example) with the following configuration on my Ossec server:
>
> <syscheck>
> <directories realtime="no" report_changes="no" check_all="no"
> check_sum="no" check_size="no" check_owner="yes" check_group="yes"
> check_perm="yes">/etc/shadow,/etc/group,/etc/passwd,/root</directories>
> </syscheck>
>
> But when I want to test the alerting by changing the permissions of /root
> like this:
> # chmod 777 /root
>
> No alert is triggered by Ossec...even if I wait several hours
>
> What am I doing wrong?
>

I think you've configured it to look for files inside /root. You can verify this by looking for '/root' in the syscheck db for that system. I don't know of a way to specify a directory directly.

> Thanking you in advance
> Sébastien
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
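
The reply above suggests syscheck is tracking the files inside /root rather than the directory entry itself. The following is an added example, not part of the thread or of OSSEC, that baselines owner, group and mode of the directory entries directly so that a change such as `chmod 777 /root` is reported. The function names `snapshot_meta` and `check_meta` are hypothetical, GNU `stat` (as on CentOS) is assumed, and paths are assumed not to contain `|` or newlines.

```shell
#!/bin/sh
# Added example: baseline and compare the owner, group and mode of the
# paths themselves (the directory inode, not the files inside it).
# Assumes GNU stat; function names are hypothetical.

# Print one "path|owner|group|mode" line for each path given.
snapshot_meta() {
    for p in "$@"; do
        # %n name, %U owner, %G group, %a octal permission bits
        stat -c '%n|%U|%G|%a' -- "$p" || return 1
    done
}

# Compare current metadata with a baseline file written by snapshot_meta.
# Prints one line per path that differs; returns 1 if anything changed.
check_meta() {
    baseline=$1
    changed=0
    while IFS='|' read -r path owner group mode; do
        # A path that has disappeared is reported as "missing".
        current=$(stat -c '%U|%G|%a' -- "$path" 2>/dev/null) || current='missing'
        if [ "$current" != "$owner|$group|$mode" ]; then
            echo "CHANGED $path: was $owner|$group|$mode now $current"
            changed=1
        fi
    done < "$baseline"
    return "$changed"
}

# Usage (run once to record, then periodically to compare):
#   snapshot_meta /etc/shadow /etc/group /etc/passwd /root > /path/to/baseline
#   check_meta /path/to/baseline || echo "directory metadata changed"
```
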
