Hi, It seems that the equivalent to *inotify* in Solaris is *File Event Notification*: https://solarisrants.wordpress.com/2013/07/24/solaris-file-event-notification/
It could be added to OSSEC.

Regards.

On Friday, September 9, 2016 at 2:20:35 PM UTC+2, dan (ddpbsd) wrote:
>
> On Fri, Sep 9, 2016 at 8:17 AM, Stephen LuShing <[email protected]> wrote:
> > Actually - I performed a search on the Solaris repository and this is what I
> > found:
> >
> > root@solumdr1:~# pkg search libnotify
> > INDEX ACTION VALUE PACKAGE
> > pkg.fmri set solaris/library/libnotify pkg:/library/[email protected]
> > pkg.summary set Python 2.6 bindings for libnotify pkg:/library/python-2/[email protected]
> > pkg.summary set Python 2.7 bindings for libnotify pkg:/library/python/[email protected]
> > com.oracle.info.description set libnotify is a notification system for the GNOME desktop environment. pkg:/library/[email protected]
> > com.oracle.info.description set Python bindings for libnotify pkg:/library/python-2/[email protected]
> > com.oracle.info.description set Python bindings for libnotify pkg:/library/python/[email protected]
> > com.oracle.info.name set libnotify pkg:/library/[email protected]
> > basename dir usr/include/libnotify pkg:/library/[email protected]
> > basename dir usr/share/gtk-doc/html/libnotify pkg:/library/[email protected]
> >
> >
> > So it is possible that the libnotify is available but not sure if this will
> > work - will look into it more.
> >
>
> That's probably https://developer.gnome.org/libnotify/ which isn't the
> same as inotify.
>
> > Steve Lushing
> >
> > On Fri, Sep 9, 2016 at 8:08 AM, Stephen LuShing <[email protected]> wrote:
> >>
> >> We are using Solaris 11 and Solaris 10 OS. I used the option because the
> >> configuration was used in Linux and I figured to use the same option - if
> >> realtime is not supported then I can remove it from the configuration.
> >>
> >> On Fri, Sep 9, 2016 at 6:28 AM, dan (ddp) <[email protected]> wrote:
> >>>
> >>> On Thu, Sep 8, 2016 at 2:40 PM, Stephen LuShing <[email protected]>
> >>> wrote:
> >>> > I installed ossec on Solaris and am trying to check some directories, so I
> >>> > set up the following in ossec.conf
> >>> >
> >>> >
> >>> > <!-- Directories to check (perform all possible verifications) changed made by steve -->
> >>> > <directories report_changes="yes" realtime="yes" check_all="yes">/etc,/usr/bin,/usr/sbin,/usr/sfw/bin</directories>
> >>> > <directories report_changes="yes" realtime="yes" check_all="yes">/bin,/sbin,/usr/ccs/bin</directories>
> >>> > <alert_new_files>yes</alert_new_files>
> >>> >
> >>> > When I started - I get the WARN message - will ossec check for it will
> >>> > be ignored.
> >>> >
> >>>
> >>> What facility on Solaris would OSSEC use to get realtime information?
> >>>
> >>> > 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
> >>> > 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
> >>> > 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/sbin'.
> >>> > 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/sfw/bin'.
> >>> > 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/bin'.
> >>> > 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/sbin'.
> >>> > 2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/ccs/bin'.
> >>> > 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/etc'.
> >>> > 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/bin'.
> >>> > 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/sbin'.
> >>> > 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/sfw/bin'.
> >>> > 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/bin'.
> >>> > 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/sbin'.
> >>> > 2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/ccs/bin'.
> >>> >
> >>> >
> >>> > Stephen LuShing
> >>> >
> >>> > --
> >>> >
> >>> > ---
> >>> > You received this message because you are subscribed to the Google Groups
> >>> > "ossec-list" group.
> >>> > To unsubscribe from this group and stop receiving emails from it, send an
> >>> > email to [email protected].
> >>> > For more options, visit https://groups.google.com/d/optout.
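An added example, not part of the thread or of OSSEC itself: a small check that cross-references the directories configured with realtime="yes" against the "Ignoring flag for real time monitoring" warnings, listing the paths that are left with scheduled syscheck scans only. The sample config (including the <frequency> value) and the log text are constructed from the lines quoted above; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, modelled on the config and log lines quoted in the thread.
SAMPLE_CONF = """<ossec_config>
  <syscheck>
    <frequency>79200</frequency>
    <directories report_changes="yes" realtime="yes" check_all="yes">/etc,/usr/bin</directories>
    <directories check_all="yes">/bin,/sbin</directories>
  </syscheck>
</ossec_config>"""

SAMPLE_LOG = """\
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/etc'.
2016/09/08 14:36:03 ossec-syscheckd: INFO: Monitoring directory: '/usr/bin'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/etc'.
2016/09/08 14:36:03 ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '/usr/bin'.
"""

IGNORED_RE = re.compile(
    r"ossec-syscheckd: WARN: Ignoring flag for real time monitoring on directory: '([^']+)'")


def _parse(conf_text):
    # ossec.conf may contain several <ossec_config> blocks; wrap them in one root.
    return ET.fromstring("<root>" + conf_text + "</root>")


def realtime_dirs(conf_text):
    """Directories whose <directories> entry sets realtime="yes"."""
    dirs = set()
    for el in _parse(conf_text).iter("directories"):
        if (el.get("realtime") or "").lower() == "yes":
            dirs.update(p.strip() for p in (el.text or "").split(",") if p.strip())
    return dirs


def audit(conf_text, log_text):
    """Return (paths that lost realtime coverage, configured scan frequency or None)."""
    ignored = set(IGNORED_RE.findall(log_text))
    freq = _parse(conf_text).find(".//syscheck/frequency")
    seconds = int(freq.text) if freq is not None and freq.text else None
    return sorted(realtime_dirs(conf_text) & ignored), seconds


if __name__ == "__main__":
    lost, seconds = audit(SAMPLE_CONF, SAMPLE_LOG)
    for path in lost:
        print(f"{path}: realtime ignored, scheduled scan only (frequency={seconds})")
```

A non-empty result means changes under those paths are only noticed at the next scheduled scan, so the <frequency> value is the effective detection window on that host.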
