Apologies if this has been answered before but I couldn't find any information about this. I'm also new to OSSEC.
How does an agent-based install of OSSEC detect or prevent the modification of the agent itself? For example, what's to stop someone replacing the agent with their own custom binary to do god knows what? Are there any best practices to prevent this?

I'm aware that an agentless install can help mitigate this; however, the sshd binary would possibly be a weak point there. Also, you lose some of the nicer features of the agent-based install.

Also, am I right in thinking the file integrity database is also stored locally and open to modification in a local-only install?

John.
