Thank you very much for your clarification, now it's much more clear to 
me!!!

Regards


On Thursday, October 13, 2016 at 10:32:16 (UTC-3), dan (ddpbsd) wrote:
>
> On Thu, Oct 13, 2016 at 9:21 AM, Kernel Panic <netwar...@gmail.com> wrote:
> > 
> > Hi 
> > Let's see, shouldn't I have to configure on each tag to which directory I
> > want to apply it? As in check_all, directories, realtime and which
> > directories, or are they global parameters? That's why I included home and
> > root on both of them.
> > 
>
>
> Each option applies to the directories configured in it. 
>
> > <directories check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin</directories>
>
> > 
>
> This checks all of the hashes, owner, and permissions. 
>
> > <directories realtime="yes" check_all="yes">/root,/home,/etc</directories>
> > 
>
> This does realtime checks of all of the above, and should produce an 
> error because the "/root," "/home," and "/etc" directories are 
> duplicated. 
> Duplication of directories can cause issues, so it's best not to do 
> it. The way to solve this is not to duplicate these directories in the 
> second configuration by not including them in the first. 
> For example: 
>
> <directories check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin</directories> 
> <directories check_all="yes" realtime="yes">/root,/home,/etc</directories> 
>
> Now, if you want to add "report_changes" to /etc, you'll have to 
> remove it from the above configuration. You'll end up with: 
>
> <directories check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin</directories> 
> <directories check_all="yes" realtime="yes">/root,/home</directories> 
> <directories check_all="yes" realtime="yes" report_changes="yes">/etc</directories>
>
> > 
> > Thank you very much 
> > Best Regards
> > 
>
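
A duplicate check for the situation discussed in this thread, as an added example that is not part of the original messages or of OSSEC itself. It parses the `<directories>` entries of a syscheck block and reports every path listed more than once, together with the options of each entry that lists it. The function name `duplicated_directories` is hypothetical, the input is assumed to be a well-formed `<syscheck>` fragment, and the two samples are built from the configuration lines quoted above.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the two entries from the question, wrapped in <syscheck>.
ORIGINAL = """
<syscheck>
  <directories check_all="yes">/root,/home,/etc,/bin,/sbin,/usr/bin,/usr/sbin</directories>
  <directories realtime="yes" check_all="yes">/root,/home,/etc</directories>
</syscheck>
"""

# Constructed sample: the final layout suggested in the reply.
SPLIT = """
<syscheck>
  <directories check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin</directories>
  <directories check_all="yes" realtime="yes">/root,/home</directories>
  <directories check_all="yes" realtime="yes" report_changes="yes">/etc</directories>
</syscheck>
"""


def duplicated_directories(syscheck_xml):
    """Map each path that is listed more than once across the
    <directories> entries to the option sets of the entries listing it."""
    seen = defaultdict(list)
    root = ET.fromstring(syscheck_xml)
    for entry in root.iter("directories"):
        options = dict(sorted(entry.attrib.items()))
        for raw in (entry.text or "").split(","):
            path = raw.strip()
            if not path:
                continue
            # Treat "/etc/" and "/etc" as the same path.
            path = path.rstrip("/") or "/"
            seen[path].append(options)
    return {p: opts for p, opts in seen.items() if len(opts) > 1}


if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("split", SPLIT)):
        dupes = duplicated_directories(conf)
        print(name, "->", "no duplicates" if not dupes else "duplicates found")
        for path, opts in sorted(dupes.items()):
            print(f"  {path} listed {len(opts)} times: {opts}")
```

Run against the question's configuration it flags /root, /home and /etc; the split layout from the reply comes back clean.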
