On Apr 9, 2015 6:20 AM, "Ricardo Perre" <[email protected]> wrote: > > Thanks for you reply. > Can you be more specific? > What should i remove from that script? Should I read the code and figure it out? >
I'm not looking at the code right now, but i think the daemons are all listed in a DAEMONS variable. Just remove ossec-syscheckd from that variable. > On Thu, Apr 9, 2015 at 12:17 PM, dan (ddp) <[email protected]> wrote: >> >> >> On Apr 9, 2015 6:06 AM, "Ricardo Perre" <[email protected]> wrote: >> > >> > Hi, >> > >> > I've removed all syscheck configs from agent.conf (also from ossec-agent.conf). >> > My conf looks like this: >> > >> > <agent_config os="Linux"> >> > <!-- Files to monitor (localfiles) --> >> > <localfile> >> > <log_format>syslog</log_format> >> > <location>/var/log/messages</location> >> > </localfile> >> > >> > <localfile> >> > <log_format>syslog</log_format> >> > <location>/var/log/secure</location> >> > </localfile> >> > >> > <localfile> >> > <log_format>syslog</log_format> >> > <location>/var/log/maillog</location> >> > </localfile> >> > >> > <localfile> >> > <log_format>apache</log_format> >> > <location>/var/log/httpd/error_log</location> >> > </localfile> >> > >> > <localfile> >> > <log_format>apache</log_format> >> > <location>/var/log/httpd/access_log</location> >> > </localfile> >> > >> > <localfile> >> > <log_format>syslog</log_format> >> > <location>/var/ossec/logs/active-responses.log</location> >> > </localfile> >> > >> > </agent_config> >> > >> > When I start the agent I get: >> > ossec-syscheckd: WARN: Syscheck disabled. >> > (...) >> > ossec-syscheckd: INFO: Started (pid: 24096). >> > ossec-rootcheck: INFO: Started (pid: 24096). >> > >> > So, it says syscheck is disabled, but it starts anyway. >> > >> > My goal its to disable it. >> > >> > Any ideas? >> > Thank you for your time. >> > >> > >> >> Remove it from the ossec-control script. >> >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google Groups "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to a topic in the Google Groups "ossec-list" group. >> To unsubscribe from this topic, visit https://groups.google.com/d/topic/ossec-list/P6iMIZC7o9I/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to [email protected]. >> >> For more options, visit https://groups.google.com/d/optout. > > > > > -- > Ricardo Perre > > -- > > --- > You received this message because you are subscribed to the Google Groups "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
