Hi, Thanks for the tip. After a quick test it seems to do the job.
Sébastien Le dimanche 16 août 2015 00:18:23 UTC+2, Santiago Bassett a écrit : > > Hi, > > you can use full_command option (fdisk or similar) with check_diff. Here > is the documentation: > > > http://ossec-docs.readthedocs.org/en/latest/manual/monitoring/process-monitoring.html > > Best > > On Fri, Aug 14, 2015 at 2:38 AM, <[email protected] <javascript:>> > wrote: > >> Hello, >> >> I am trying to monitor partitions (windows or Linux) with Ossec but >> apparently it seems impossible. >> Basically I just want to check if the rights on the partitions are >> modified (/dev/sdaX or C:). >> >> Has someone already succeeded in doing that? >> >> Sébastien >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
