[ossec-list] Re: OSSEC v2.3 BETA available (testers wanted)

Peter M. Abraham Tue, 24 Nov 2009 07:50:41 -0800

Greetings Daniel:

Has upgrading been fixed so that if you want to update rules, BUT keep
your rule exclusions in /var/ossec/etc/ossec.conf your exclusions are
not clobbered?


i.e.

<!--
    <include>arpwatch_rules.xml</include>
    <include>symantec-av_rules.xml</include>
    <include>symantec-ws_rules.xml</include>
-->

Where the above three rules are excluded in ossec.conf.  Upgrading
ossec clobbers the above changes; and yet, we don't want to say no to
rule upgrades because there may be updates to rules we do use.

Please advise.

Thank you.

[ossec-list] Re: OSSEC v2.3 BETA available (testers wanted)

Reply via email to