Thank you for your time* (not enough cofee yet) On Thu, Apr 9, 2015 at 12:36 PM, Ricardo Perre <[email protected]> wrote:
> Yes, done it and it works. > Thank your for time. > > On Thu, Apr 9, 2015 at 12:35 PM, dan (ddp) <[email protected]> wrote: > >> >> On Apr 9, 2015 6:20 AM, "Ricardo Perre" <[email protected]> wrote: >> > >> > Thanks for you reply. >> > Can you be more specific? >> > What should i remove from that script? Should I read the code and >> figure it out? >> > >> >> I'm not looking at the code right now, but i think the daemons are all >> listed in a DAEMONS variable. Just remove ossec-syscheckd from that >> variable. >> >> > On Thu, Apr 9, 2015 at 12:17 PM, dan (ddp) <[email protected]> wrote: >> >> >> >> >> >> On Apr 9, 2015 6:06 AM, "Ricardo Perre" <[email protected]> wrote: >> >> > >> >> > Hi, >> >> > >> >> > I've removed all syscheck configs from agent.conf (also from >> ossec-agent.conf). >> >> > My conf looks like this: >> >> > >> >> > <agent_config os="Linux"> >> >> > <!-- Files to monitor (localfiles) --> >> >> > <localfile> >> >> > <log_format>syslog</log_format> >> >> > <location>/var/log/messages</location> >> >> > </localfile> >> >> > >> >> > <localfile> >> >> > <log_format>syslog</log_format> >> >> > <location>/var/log/secure</location> >> >> > </localfile> >> >> > >> >> > <localfile> >> >> > <log_format>syslog</log_format> >> >> > <location>/var/log/maillog</location> >> >> > </localfile> >> >> > >> >> > <localfile> >> >> > <log_format>apache</log_format> >> >> > <location>/var/log/httpd/error_log</location> >> >> > </localfile> >> >> > >> >> > <localfile> >> >> > <log_format>apache</log_format> >> >> > <location>/var/log/httpd/access_log</location> >> >> > </localfile> >> >> > >> >> > <localfile> >> >> > <log_format>syslog</log_format> >> >> > <location>/var/ossec/logs/active-responses.log</location> >> >> > </localfile> >> >> > >> >> > </agent_config> >> >> > >> >> > When I start the agent I get: >> >> > ossec-syscheckd: WARN: Syscheck disabled. >> >> > (...) >> >> > ossec-syscheckd: INFO: Started (pid: 24096). >> >> > ossec-rootcheck: INFO: Started (pid: 24096). >> >> > >> >> > So, it says syscheck is disabled, but it starts anyway. >> >> > >> >> > My goal its to disable it. >> >> > >> >> > Any ideas? >> >> > Thank you for your time. >> >> > >> >> > >> >> >> >> Remove it from the ossec-control script. >> >> >> >> > >> >> > -- >> >> > >> >> > --- >> >> > You received this message because you are subscribed to the Google >> Groups "ossec-list" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> send an email to [email protected]. >> >> > For more options, visit https://groups.google.com/d/optout. >> >> >> >> -- >> >> >> >> --- >> >> You received this message because you are subscribed to a topic in the >> Google Groups "ossec-list" group. >> >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ossec-list/P6iMIZC7o9I/unsubscribe. >> >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> >> >> >> For more options, visit https://groups.google.com/d/optout. >> > >> > >> > >> > >> > -- >> > Ricardo Perre >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> Groups "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to a topic in the >> Google Groups "ossec-list" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/ossec-list/P6iMIZC7o9I/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Ricardo Perre > -- Ricardo Perre -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
