I'm thinking of modifying the diff_cmd in syscheckd/seechanges.c and
agentlessd/agentlessd.c to be "unified" ("-u"). Any comments on whether or not
this is a good idea?
The only thing I can think of is it might make the diff results longer, unless
it is restricted to just the changed lines (no context, or "-U 0"). Removing
context should actually make the diff output shorter. And, I suppose that this
version of diff is not necessarily supported on all platforms, but it would be
in all Linux flavors.
--
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH
