On 12/15/2010 08:10 PM, dan (ddp) wrote:
On Wed, Dec 15, 2010 at 1:38 PM, carlopmart<carlopm...@gmail.com> wrote:
On 12/15/2010 07:14 PM, d.asse...@cgi.com wrote:
And the answer is E
But I did remove some functionality from the server side
I'm writhing a doc on it for the deployment team But basicali remove
In ossec.conf the services you don’t want doubled up
But first I installed the server in /opt/ossec-server
Then did same install has agent in /opt/opt/ossec-agent
Next started the server
Then added the agent using mange agent on the server side
Up t'il now no conflicts some tweaking of of the conf file
To remove or add functionality
But all this is in test mode to see if ossec will meet the
Requirements of the Torquemada of this world(corp. security)
Good luck
Dan
Thanks Dan.
I have installed ossec as a server disabling rootchek, syscheck and active
response. But when I launch ossec init script syscheckd is started. How can
I prevent to start syscheckd??
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
I think, in the syscheck section, you can add
<disabled>yes</disabled>. I don't see it in the documentation, but I
see references in the source to it (which I can't dig into very much).
I kind of remember there being a similar optionf or rootcheck.
I have tried it, and doesn't works. Syscheckd is started ...
--
CL Martinez
carlopmart {at} gmail {d0t} com