Anything in the ossec logfile about that directory?
On Tue, May 11, 2010 at 3:09 PM, <[email protected]> wrote:
> yet when I modify the win.ini I get the response here is the line I
> included am I missing something else. Thank You
>
> <rootcheck>
>   <windows_audit>./shared/win_audit_rcl.txt</windows_audit>
>   <windows_apps>./shared/win_applications_rcl.txt</windows_apps>
>   <windows_malware>./shared/win_malware_rcl.txt</windows_malware>
> </rootcheck>
>
> <!-- Syscheck - Integrity Checking config. -->
> <syscheck>
>
>   <!-- Default frequency, every 20 hours. It doesn't need to be higher
>      - on most systems and one a day should be enough.
>     -->
>   <frequency>720</frequency>
>   <alert_new_files>yes</alert_new_files>
>   <auto_ignore>no</auto_ignore>
>
>   <!-- By default it is disabled. In the Install you must choose
>      - to enable it.
>     -->
>   <disabled>no</disabled>
>
>   <!-- Default files to be monitored - system32 only. -->
>   <directories check_all="yes">%WINDIR%/win.ini</directories>
>   <directories check_all="yes">%WINDIR%/system.ini</directories>
>   <directories check_all="yes">C:\autoexec.bat</directories>
>   <directories check_all="yes">C:\config.sys</directories>
>   <directories check_all="yes">C:\boot.ini</directories>
>   <directories check_all="yes">%WINDIR%/System32/CONFIG.NT</directories>
>   <directories check_all="yes">%WINDIR%/temp/</directories>
>   <directories check_all="yes">%WINDIR%/System32/AUTOEXEC.NT</directories>
>   <directories check_all="yes">%WINDIR%/System32/at.exe</directories>
>   <directories check_all="yes">%WINDIR%/System32/attrib.exe</directories>
>   <directories check_all="yes">%WINDIR%/System32/cacls.exe</directories>
>   <directories check_all="yes">%WINDIR%/System32/debug.exe</directories>
>   <directories check_all="yes">%WINDIR%/System32/drwatson.exe</directories>
>   <directories check_all="yes">%WINDIR%/System32/drwtsn32.exe</directories>
>   <directories check_all="yes">%WINDIR%/System32/edlin.exe</directories>
>   <directories check_all="yes">%WINDIR%/System32/eventcreate.exe</directories>
>   <directories check_all="yes">%WINDIR%/System32/eventtriggers.exe</directories>
>   <directories check_all="yes">%WINDIR%/System32/ftp.exe</directories>
>   <directories check_all="yes">%WINDIR%/System32/net.exe</directories>
>   <directories check_all="yes">%WINDIR%/System32/net1.exe</directories>
