Does OSSEC give precedence to the most specific or least specific entry in syschecks? For example if I set /var to check all and /var/log to check only ownership, will OSSEC check all on /var/log or will the more specific check take precedence.
In Samhain, only the more specific check would apply, but my sense is that the opposite is true with OSSEC. I've also found no apparent way to set the level of recursion so I could limit the /var 'check all' to only the top level. If what I suspect is true, is there any other way to apply different checks to nested directories than what's applied at the top level? _______________________ *Steve MacDougall* | *Sr. Systems/Network Administrator* BluePay Canada o: 647.258.3704 m: 289.924.1806 e: [email protected] w: www.bluepay.ca <http://cp.mcafee.com/d/5fHCMUpdEI9zxPdTQnztPqdSkT4QS6bCQrIFK9FIffCQrIFK9FIc8CQrI8LIInpKr4t1lJfZ2Ibr53BPtJfZ2Ibr53BPrXZNNEVhvvW_f8K6zAQsIZuVtdeWf8Icc6zBVfBHEShhlKqemul3PWApmU6CQjqpK_9TLuZXTLsTsS0287J-JFrHqrlgQzYdBg543S_mQJOVJ5ZBWVI5-Aq81Ejd40N8z3pJNYSyqejqCz8Lerw> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
