I like this thread. Has anyone written any rules that just sit and report hardware changes? The "new program installed" one I already have.

On Tuesday, September 10, 2013 at 4:17:23 PM UTC-4, Weezel wrote:
>
> Has anyone used OSSEC for software inventory? I'd like to:
>
> a) Be able to compile a list of systems that have a certain package
> installed (which I am content to do with script-foo on the server).
> b) Be informed via syslog or email of (un)installations of packages.
>
> My initial attempt (on Redhat and clones) has been to use process
> monitoring on the "rpm -qa | sort" command periodically along with
> check_diff to alert on changes. For some systems, especially desktops that
> can have thousands of installed packages in our environment, it seems that
> too many characters are being returned by the rpm command and output is
> getting truncated, and changes to packages that sort closer to the end of
> the alphabet are being missed.
>
> Is there an easier way to go about this?
>
> Here's where I was getting my notes on process monitoring from:
> hxxp://www.ossec.net/doc/manual/monitoring/process-monitoring.html
>
> Thanks in advance!
>
> Weezel
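
One way around the truncation described in the quoted message is to have the monitored command print only the package delta since its last run instead of the full `rpm -qa` list. This is an added example, not code from the thread or from the OSSEC project; the function names, output labels and state-file path are assumptions.

```shell
#!/bin/sh
# Added example (not OSSEC project code): print only package changes since the
# previous run, so the monitored command's output stays a few lines long.

# pkg_delta OLD NEW: each file holds one package per line.
pkg_delta() {
    old_sorted=$(mktemp) || return 1
    new_sorted=$(mktemp) || { rm -f "$old_sorted"; return 1; }
    LC_ALL=C sort -u "$1" > "$old_sorted"
    LC_ALL=C sort -u "$2" > "$new_sorted"
    # comm -13 keeps lines only in NEW, comm -23 lines only in OLD
    LC_ALL=C comm -13 "$old_sorted" "$new_sorted" | sed 's/^/INSTALLED /'
    LC_ALL=C comm -23 "$old_sorted" "$new_sorted" | sed 's/^/REMOVED /'
    rm -f "$old_sorted" "$new_sorted"
}

# report_changes STATE_FILE LIST_COMMAND [ARGS...]
# Prints the delta against the saved snapshot, then replaces the snapshot.
report_changes() {
    state=$1; shift
    current=$(mktemp) || return 1
    # A failed listing (e.g. a locked rpm database) must not overwrite the
    # snapshot, or every package would be reported as removed, then reinstalled.
    if ! "$@" > "$current"; then
        rm -f "$current"; echo "ERROR package listing failed"; return 1
    fi
    if [ -f "$state" ]; then
        pkg_delta "$state" "$current"
    else
        echo "BASELINE $(wc -l < "$current" | tr -d ' ') packages recorded"
    fi
    mv "$current" "$state"
}

# Constructed sample lists (not real host output) showing the delta format.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' bash-4.2.45-5 openssl-1.0.1e-16 zlib-1.2.7-13 > "$d/old"
    printf '%s\n' bash-4.2.45-5 nmap-6.40-4 zlib-1.2.7-13 > "$d/new"
    pkg_delta "$d/old" "$d/new"
    rm -rf "$d"
}
demo

# On an RPM host (hypothetical state path; keep it writable by root only):
#   report_changes /var/lib/pkg-inventory/last.list rpm -qa
```

Run in place of `rpm -qa | sort`, each invocation emits one line per installed or removed package, so the output size tracks the number of changes rather than the number of packages.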
