Discussion:
[ossec-list] File integrity: How to check only owner/permission/deletion changes (No checksum)?
Julia Vitoria Cardoso
2018-11-20 11:25:00 UTC
Hello. We are using OSSEC for file integrity monitoring as required by PCI
DSS, and I configured our monitoring as usual: all the configuration files
and stuff that do not change constantly, ignoring all log files, etc.

But we need to monitor that the log files are not compromised. Checksum
checking would be crazy as they change a lot, but basically for now we want to
just check that the files are not deleted.

I was thinking about the option check_sum="yes" as the documentation says,
and I tried some theories, like configuring it to monitor the folder but only
with the check permission, owner and group options, and hoped it would alert
if a file was deleted too, but whichever way I configured it, it always
alerted on file changes.

I am thinking about creating a rule that ignores the alerts from specified
files, but I am still not happy with this option as it will still alert on
the manager a lot.

Has anyone had this problem and can suggest something? Thanks