On Thu, Jun 11, 2015 at 9:35 AM, Steve MacDougall <[email protected]> wrote:
> Does OSSEC give precedence to the most specific or least specific entry in
> syschecks? For example if I set /var to check all and /var/log to check only
> ownership, will OSSEC check all on /var/log or will the more specific check
> take precedence?
>
> In Samhain, only the more specific check would apply, but my sense is that
> the opposite is true with OSSEC. I've also found no apparent way to set the
> level of recursion so I could limit the /var 'check all' to only the top
> level.
>
> If what I suspect is true, is there any other way to apply different checks
> to nested directories than what's applied at the top level?
>

No, and duplicating entries (defining /var and /var/log) can cause other
issues. This is something that I think needs to be adjusted in the future,
but it's not on my "short list."

> _______________________
> Steve MacDougall | Sr. Systems/Network Administrator
> BluePay Canada
>
> o: 647.258.3704
> m: 289.924.1806
> e: [email protected]
> w: www.bluepay.ca
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
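
An added example, not part of the thread or of OSSEC itself: because the reply says nested entries such as /var and /var/log cannot carry different checks and that duplicated entries can cause issues, this Python lint lists every nested or duplicate `<directories>` path in a syscheck configuration so it can be reviewed before deployment. The sample configuration is constructed and the function names are hypothetical.

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample: the /var + /var/log layout from the question.
SAMPLE_CONF = """
<ossec_config>
  <syscheck>
    <directories check_all="yes">/etc,/usr/bin</directories>
    <directories check_all="yes">/var</directories>
    <directories check_owner="yes">/var/log</directories>
    <directories check_all="yes">/variable</directories>
  </syscheck>
</ossec_config>
"""

def syscheck_entries(conf_text):
    """Return [(normalized_path, options)] for every monitored path."""
    # ossec.conf may hold several <ossec_config> blocks, so wrap them in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    entries = []
    for elem in root.iter("directories"):
        # One element can list several comma-separated paths.
        for raw in (elem.text or "").split(","):
            path = raw.strip()
            if path:
                entries.append((posixpath.normpath(path), dict(elem.attrib)))
    return entries

def is_within(child, parent):
    """True if child equals parent or lies beneath it, compared per component."""
    if parent == "/":
        return True
    return child == parent or child.startswith(parent + "/")

def overlapping_entries(conf_text):
    """List (outer, inner, outer_opts, inner_opts) for nested or duplicate paths."""
    entries = syscheck_entries(conf_text)
    findings = []
    for i, (outer, outer_opts) in enumerate(entries):
        for j, (inner, inner_opts) in enumerate(entries):
            # Report exact duplicates once (i < j) and every true nesting.
            if i != j and is_within(inner, outer) and (inner != outer or i < j):
                findings.append((outer, inner, outer_opts, inner_opts))
    return findings

if __name__ == "__main__":
    for outer, inner, o_opts, i_opts in overlapping_entries(SAMPLE_CONF):
        print(f"{inner} {i_opts} overlaps {outer} {o_opts}")
```

The prefix test is done on whole path components, so /variable is not reported as being under /var.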
