<!-- s -->
<rootcheck>
<rootkit_files>/usr/local/ossec-hids/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/usr/local/ossec-hids/etc/shared/rootkit_trojans.txt</rootkit_trojans>
</rootcheck>
<!-- /s -->
Those files are the defaults listed, though I had to edit the directory
to match FreeBSD 10.1.
There's a system_audit_rcl.txt file in that directory also. Is that
supposed to be listed under <rootcheck> too?
--
fini
On 2015-01-26 10:58, dan (ddp) wrote:
On Mon, Jan 26, 2015 at 11:54 AM, <[email protected]> wrote:
Hi,
Still testing OSSEC 2.8.1 on FreeBSD 10.1. Making good progress, but I
have a line in the log file that I've not been able to find an answer
for, and googling hasn't helped.
The line is "ossec-rootcheck: System audit file not configured". I have
debug enabled, have run "rootcheck_control -u all" and restarted, but
that line still shows up in the log file
<!--/s -->
ossec-analysisd: INFO: Reading rules file: 'pix_rules.xml'
2015/01/26 11:35:58 ossec-rootcheck: System audit file not configured.
2015/01/26 11:35:58 ossec-analysisd: INFO: Reading rules file: 'named_rules.xml'
<!-- /s -->
Any clues?
What does your <rootcheck> configuration look like?
--
fini