On Sun, May 19, 2013 at 6:12 AM, frwa onto <[email protected]> wrote: > Thank you dan. Once I installed Ossec is there any command to run to inspect > my current system for any possible intrusion signs? > > On Friday, May 17, 2013 9:35:14 AM UTC+8, dan (ddpbsd) wrote: >> >> On Thu, May 16, 2013 at 9:02 PM, frwa onto <[email protected]> wrote: >> > I have a web server and db server running and just came across this >> > wonderful tool. Do you think is fine to install at this stage the >> > ossec as my server have been running for few months already. Will it >> > still be able to help me in intrusion detection and how about my file >> > check integrity? Thank you. >> > >>
rootcheck may provide some of indication of compromise (should it see evidence). But there isn't really a command to run to perform specific checks. >> You should be able to check the integrity of many of the files on the >> system by comparing them to rpm. I don't see a problem installing >> OSSEC onto a system that's been running already. >> >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
