I would use the command option on the agent, which allows you to run any local command on a scheduled basis. Grep for the specific config in question; if you place this within an IF, you can pass whatever you want on failure.

Scott Klauminzer
Director of Information Technology & Security

Sent from my iPad

On Oct 3, 2012, at 12:52 AM, Michiel van Es <[email protected]> wrote:

> Hello,
>
> I am using OSSEC 2.6, we are using syscheck to check for our hardening policy.
> Like:
> # Apache checks
> [SDN Security Policy Linux - HTTPD - ServerSignature is enabled] [any] []
> f:$httpd.conf -> r:^ServerSignature On;
>
> [SDN Security Policy Linux - HTTPD - ServerTokens is fully enabled] [any] []
> f:$httpd.conf -> r:^ServerTokens Full;
>
> [SDN Security Policy Linux - HTTPD - Trace is enabled] [any] []
> f:$httpd.conf -> r:^TraceEnable On;
>
> Only, default TraceEnable is not defined in httpd.conf and is default enabled.
> How can I check for missing configuration options in a config file?
> (in this case check if TraceEnable Off is available otherwise alert - I know
> this can also be solved by mod-rewrite)
>
> Thanks.
>
> Michiel
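
An added example, not part of the thread or of OSSEC: a shell check of the kind the reply describes, which reports when TraceEnable is not explicitly set to Off. The function name check_directive, the "policy-check:" message prefix and the sample file are assumptions; the config is treated as one flat file, so Include and per-VirtualHost scoping are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread). check_directive and the "policy-check:"
# prefix are hypothetical names. Meant to be run on a schedule, e.g. by the
# agent command option the reply mentions, so its output can be alerted on.
#
# Prints one line when DIRECTIVE is not explicitly set to WANT in FILE.
# Returns 0 = compliant, 1 = missing or wrong value, 2 = file unreadable.
check_directive() {
    file=$1 directive=$2 want=$3
    if [ ! -r "$file" ]; then
        echo "policy-check: cannot read $file"
        return 2
    fi
    # Apache directive names are case-insensitive and may be indented.
    # Commented lines never match because their first field starts with '#'.
    # The last uncommented occurrence wins (flat-file assumption).
    value=$(awk -v d="$directive" '
        { sub(/\r$/, "") }                       # tolerate CRLF files
        NF >= 2 && tolower($1) == tolower(d) { v = tolower($2) }
        END { print v }' "$file")
    want_lc=$(printf '%s' "$want" | tr '[:upper:]' '[:lower:]')
    if [ -z "$value" ]; then
        echo "policy-check: $directive not set in $file (default applies)"
        return 1
    elif [ "$value" != "$want_lc" ]; then
        echo "policy-check: $directive is '$value' in $file, expected '$want_lc'"
        return 1
    fi
    return 0
}

# Constructed sample: the directive exists only as a comment, which a plain
# "grep TraceEnable" would wrongly accept as present.
sample=$(mktemp)
printf 'ServerSignature Off\n#TraceEnable Off\n' > "$sample"
check_directive "$sample" TraceEnable Off || true
rm -f "$sample"
```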
