Do we have this feature to disable netstat on v2.9.2? On Thursday, 22 March 2012 10:26:35 UTC+5:30, quanta wrote: > > Which block do I must add these config. to: <ossec_config>, <syscheck> > or anything else? > > Starting OSSEC: 2012/03/22 11:49:29 ossec-config(1230): ERROR: Invalid > element in the configuration: 'rootkit'. > 2012/03/22 11:49:29 ossec-config(1202): ERROR: Configuration error at > '/var/ossec/etc/ossec.conf'. Exiting. > 2012/03/22 11:49:29 ossec-syscheckd(1202): ERROR: Configuration error > at '/var/ossec/etc/ossec.conf'. Exiting. > [FAILED] > > On Jun 21 2011, 3:05 am, Christopher Moraes <[email protected]> > wrote: > > > > <https://bitbucket.org/cmoraes/ossec/changeset/46f14c668cfa>This change > adds > > the following configuration option in ossec.conf. > > <rootkit> > > <disable_check>/dev</disable_check> > > <disable_check>system</disable_check> > > <disable_check>processes</disable_check> > > <disable_check>allports</disable_check> > > <disable_check>openports</disable_check> > > <disable_check>interfaces</disable_check> > > </rootkit> > > > > The following comma separated notation is also supported > > <rootkit> > > <disable_check>/dev, system, processes, allports, openports, > > interfaces</disable_check> > > </rootkit> > > > > The values "/dev", "system", etc. must be spelled exactly as above (case > is > > not important). > > > > HTH, > > Chris > >
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
