It doesn't look like hidden files are a problem:

    # cat /var/ossec/queue/syscheck/*tiny*| grep '/\.' | more
    +++773:33188:0:0:9726d447425cc7f094ba7ea6c8b7c1e3:4c27895e8d7b97452bcbc263c175c80ed7a9c8e1 !1258733688 /etc/skel/.cshrc
    +++398:33188:0:0:b68a9277fd8fb926279928b1a2110ff2:e5ce2c1aedc1117c27a48797fcfb9bf012d21d14 !1258733688 /etc/skel/.login
    +++113:33188:0:0:1e90ce3e55f3b5253eb9e54ce39fdd37:08e75b1b8b313f13787e2276698f26ee90459e1b !1258733688 /etc/skel/.mailrc
    +++218:33188:0:0:7389c0bfdede1c382b15d9d00161e394:dfcc823a993705b4c52f52ac4fd021963139c88b !1258733688 /etc/skel/.profile
    +++22:33188:0:0:5c1c6c22bbe810063d22f83c420500a1:c5a018a1774687f0a4520fcd2492da5f8aa139b8 !1258733688 /etc/skel/.Xdefaults

But I haven't done any real testing into the matter. ;)

dan

On Mon, Mar 15, 2010 at 10:59 AM, oscar schneider <os4...@googlemail.com> wrote:
> Does OSSEC really miss out on hidden files? Can't test it right now, but
> that would be a serious problem imho.
>
> On Fri, Mar 12, 2010 at 7:38 PM, dan (ddp) <ddp...@gmail.com> wrote:
>>
>> I imagine there might be difficulties with udev or devfs or whatever
>> Linux is using now. Haven't tried it though.
>>
>> On Fri, Mar 12, 2010 at 11:33 AM, Devendra Agrawal
>> <devendra.agra...@gmail.com> wrote:
>> > By default, ossec doesn't seem to be doing file integrity checks for
>> > /dev, /boot, and hidden files (starting with ".") on Linux. Can ossec
>> > monitor them reliably (if I add them in ossec.conf)? I am not sure if
>> > there is any advantage in doing the same check for /proc too.
>> >
>> > Thanks.
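
The check in the message above (grepping the syscheck database for dot-prefixed path components) can be made repeatable with a small parser. This is an added example, not part of the original thread or of OSSEC; the field layout is an assumption inferred from the quoted output, and the sample lines and function names are constructed for illustration.

```python
import re
import stat
from pathlib import PurePosixPath

# Field layout is an assumption inferred from the output quoted in the thread:
# 3 flag characters, size:mode:uid:gid:md5:sha1, "!" + epoch seconds, then the path.
ENTRY = re.compile(
    r"^(?P<flags>.{3})(?P<size>\d+):(?P<mode>\d+):(?P<uid>\d+):(?P<gid>\d+):"
    r"(?P<md5>[0-9a-f]{32}):(?P<sha1>[0-9a-f]{40}) !(?P<epoch>\d+) (?P<path>.+)$"
)

def parse_entry(line):
    """Return one database line as a dict, or None if it does not match."""
    m = ENTRY.match(line.rstrip("\n"))
    if m is None:
        return None
    entry = m.groupdict()
    for key in ("size", "mode", "uid", "gid", "epoch"):
        entry[key] = int(entry[key])
    # The mode column is a decimal st_mode, e.g. 33188 == 0o100644.
    entry["perms"] = stat.filemode(entry["mode"])
    return entry

def is_hidden(path):
    """True if any path component starts with a dot, as the grep in the thread does."""
    return any(p.startswith(".") and p not in (".", "..")
               for p in PurePosixPath(path).parts)

def hidden_coverage(lines):
    """Split parsed entries into hidden/visible paths; collect unparsable lines."""
    report = {"hidden": [], "visible": [], "unparsed": []}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            report["unparsed"].append(line)
        else:
            key = "hidden" if is_hidden(entry["path"]) else "visible"
            report[key].append(entry["path"])
    return report

# Constructed sample lines (hashes are filler, not real digests).
MD5, SHA1 = "a" * 32, "b" * 40
SAMPLE = [
    f"+++773:33188:0:0:{MD5}:{SHA1} !1268000000 /etc/skel/.cshrc",
    f"+++1024:33261:0:0:{MD5}:{SHA1} !1268000000 /etc/rc.local",
    f"+++12:33152:1000:1000:{MD5}:{SHA1} !1268000000 /home/u/.ssh/authorized_keys",
    "truncated or corrupt line",
]

if __name__ == "__main__":
    print(hidden_coverage(SAMPLE))
```

An empty `hidden` list for a directory known to contain dotfiles would indicate they are not being tracked; a non-empty `unparsed` list means the assumed layout does not fit that database.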