Hi
Ok, so , are those global variables ? I thought I had to specify for every 
tag to which directory I wan it to apply that configuration, that's why I 
included root and home on both, realtime and check_all.

<directories 
check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin</directories>
<directories realtime="yes" check_all="yes">/root,/home,/etc</directories>


So, do I have to include the directories right? make sense, my bad.
<directories report_changes="yes"></directories>
<directories check_sum="yes"></directories>
<directories check_size="yes"></directories>
<directories check_owner="yes"></directories>
<directories check_group="yes"></directories>
<directories check_perm="yes"></directories>


Thank you very much
Best Regards


El miércoles, 12 de octubre de 2016, 20:19:08 (UTC-3), dan (ddpbsd) 
escribió:
>
> On Oct 12, 2016 4:49 PM, "Kernel Panic" <netwar...@gmail.com <javascript:>> 
> wrote:
> >
> > Hi there guys,
> >
> > When starting the agent I've get this info:
> >
> > Starting ossec-hids: 2016/10/12 15:43:05 ossec-agentd: INFO: Using 
> notify time: 600 and max time to reconnect: 1800
> > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory 
> given: '/root'.
> > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory 
> given: ''.
> > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory 
> given: ''.
> > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory 
> given: ''.
> > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory 
> given: ''.
> > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory 
> given: ''.
> > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory 
> given: '/etc'.
> > 2016/10/12 15:43:05 ossec-config(1756): ERROR: Duplicated directory 
> given: '/bin'.
> >
> > 2016/10/12 15:43:11 ossec-syscheckd: INFO: Monitoring directory: ''.
> >
> > This is what I configured:
> >
> > <!-- Directories to check  (perform all possible verifications) -->
> >     <directories 
> check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin</directories>
> >     <directories realtime="yes" 
> check_all="yes">/root,/home,/etc</directories>
>
> You have "/root" in both of the above entries.
>
> >     <directories report_changes="yes"></directories>
> >     <directories check_sum="yes"></directories>
>
> Why do you have all of these empty entries? They're not checking anything, 
> I'm actually a little surprised they didn't cause more problems.
>
> >     <directories check_size="yes"></directories>
> >     <directories check_owner="yes"></directories>
> >     <directories check_group="yes"></directories>
> >     <directories check_perm="yes"></directories>
> >
> > Where is that data duplicated? I noticed that under the shared directory 
> there is an agent.conf which contains
> >
> >  <!-- Directories to check  (perform all possible verifications) -->
> >     <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
> >     <directories check_all="yes">/bin,/sbin</directories>
> >
> > Is that configuration file taken into account? If I remove it it's 
> created once again.
> >
>
> Yes, that file also provides configuration. It's provided by the OSSEC 
> server.
>
> > Thank you for your time and support
> > Regards
> >
> >
> >
> > -- 
> >
> > --- 
> > You received this message because you are subscribed to the Google 
> Groups "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to ossec-list+...@googlegroups.com <javascript:>.
> > For more options, visit https://groups.google.com/d/optout.
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to