Hello guys, I'm writing some rootchecks rules and I would like to know if there is some way to verify if a parameter on config file is different from a value. For example, I would like to verify if the line "User" in httpd.conf is different from "User apache" and generate an alert if it is different, but I don't know how I can do it. The rule below just alert if it's true.
f:/usr/local/apache2/conf/httpd.conf -> !r:^# && r:^User\.+apache; -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
