On Thu, Oct 13, 2016 at 9:21 AM, Kernel Panic <netwarrior...@gmail.com> wrote:
>
> Hi
> Let's see, shouldn't I have to configure on each tag to which directory I
> want to apply it? As in check_all, directories, realtime and which
> directories, or are they global parameters? That's why I included home and
> root on both of them.
>


Each option applies to the directories configured in it.

> <directories
> check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin</directories>
>

This checks all of the hashes, owner, and permissions.

>  <directories realtime="yes" check_all="yes">/root,/home,/etc</directories>
>

This does realtime checks of all of the above, and should produce an
error because the "/root," "/home," and "/etc" directories are
duplicated.
Duplication of directories can cause issues, so it's best not to do
it. The way to solve this is not to duplicate these directories in the
second configuration by not including them in the first.
For example:

<directories check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin</directories>
<directories check_all="yes" realtime="yes">/root,/home,/etc</directories>

Now, if you want to add "report_changes" to /etc, you'll have to
remove it from the above configuration. You'll end up with:

<directories check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin</directories>
<directories check_all="yes" realtime="yes">/root,/home</directories>
<directories check_all="yes" realtime="yes"
report_changes="yes">/etc</directories>

>
> Thank you very much
> Best Regards
>

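A check for the duplication problem discussed in the reply above, as an added example that is not part of the original message or of OSSEC itself: it parses a syscheck fragment and reports every path listed in more than one <directories> entry. The two sample configurations are constructed from the snippets in the thread, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the poster's original entries (paths repeated).
DUPLICATED = """
<ossec_config>
  <syscheck>
    <directories check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin</directories>
    <directories realtime="yes" check_all="yes">/root,/home,/etc</directories>
  </syscheck>
</ossec_config>
"""

# Constructed sample: the layout suggested in the reply (each path listed once).
FIXED = """
<ossec_config>
  <syscheck>
    <directories check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes" realtime="yes">/root,/home</directories>
    <directories check_all="yes" realtime="yes" report_changes="yes">/etc</directories>
  </syscheck>
</ossec_config>
"""

def find_duplicate_directories(conf_text):
    """Map each path listed more than once to the attributes of every
    <directories> entry that lists it (hypothetical helper)."""
    # A config file may hold several top-level <ossec_config> blocks,
    # so wrap the text in a dummy root before parsing.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    seen = defaultdict(list)
    for elem in root.iter("directories"):
        for raw in (elem.text or "").split(","):
            path = raw.strip()
            if not path:
                continue
            # Treat "/etc/" and "/etc" as the same directory.
            path = path.rstrip("/") or "/"
            seen[path].append(dict(elem.attrib))
    return {p: attrs for p, attrs in seen.items() if len(attrs) > 1}

if __name__ == "__main__":
    for name, conf in (("original", DUPLICATED), ("suggested", FIXED)):
        dups = find_duplicate_directories(conf)
        print(name, "->", "no duplicates" if not dups else "")
        for path, attrs in sorted(dups.items()):
            print("  %s listed %d times: %s" % (path, len(attrs), attrs))
```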