Hi, You said there is "anything sensitive" but.. OSSEC process alerts coming from Endpoints and all the info is security relevant so.. someone can use alerts info (IP's, directories, files, hostnames) for malicious purposes. Beside that, I don't think changing readable attributes will suppose a problem for OSSEC, just take in mind that alerts.log has a hardlink to alerts/year/month/ossec-alerts-todayday.log.
Regards, Pedro S. On Mon, Jun 27, 2016 at 10:04 AM, Guilherme Boing <[email protected]> wrote: > Why do you need it 'world readable' ? > You just need to add the nagios user to the ossec group. > > On Mon, Jun 27, 2016 at 1:33 PM, Tahir Hafiz <[email protected]> > wrote: > >> The permissions on the alerts.log are thus: >> -rw-r----- 2 ossec ossec 13949 Jun 27 17:07 alerts.log >> >> >> However, we need our Nagios nrpe agent (nagios user) to be able to read >> the file and then alert depending on the level that we have set for it to >> parse and alert on. >> Can anyone think of any problems making it world readable? I don't >> believe there is anything sensitive put in that file. >> >> The alternative would be to make the nagios user part of the ossec group, >> however, this means that nagios user would have power over the ossec >> process and files. >> >> >> >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
