Thanks for your answer. But I want to know the changes on the Agent, for example Windows XP Professional. When the service is installed, what are the changes? Where are they stored? Then the Agent will send information to the Linux server with OSSEC, and give the alerts. I hope to receive your help. Thanks so much.

On Saturday, November 9, 2013 at 00:02:31 UTC+7, Santiago Bassett wrote:
>
> Hi Dung,
>
> If this is for a Linux server I guess you would probably need to monitor
> the bin directories, using syscheck, for new files (/bin /sbin /usr/bin
> ...), so you can discover if a new service is installed.
>
> As well, if you know exactly what new files you are looking for, you may
> be able to create file system signatures, using rootcheck. You can find
> examples at /var/ossec/etc/shared/
>
> I hope it helps,
>
> Santiago.
>
> On Fri, Nov 8, 2013 at 8:11 AM, Dũng Trần Văn <[email protected]> wrote:
>
>> But I don't know, when the service is installed on an Agent, what are the
>> changes?
>>
>> *Example:* when TeamViewer is installed, *what is the change, and
>> where is it stored*?
>>
>> Thanks so much for your help.
>>
>>> If I understand this correctly, OSSEC should be capable of these tasks.

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
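
The syscheck approach from Santiago's quoted reply, written out as a configuration sketch. This is an added example, not part of the original thread or the OSSEC project's shipped configuration; the file locations assume a default install under /var/ossec, and the frequency and rule level are constructed values.

```xml
<!-- Agent side (Linux): /var/ossec/etc/ossec.conf (assumed default path) -->
<ossec_config>
  <syscheck>
    <!-- Scan interval in seconds; 7200 is a constructed sample value -->
    <frequency>7200</frequency>
    <!-- The bin directories named in the reply; add others as needed -->
    <directories check_all="yes">/bin,/sbin,/usr/bin</directories>
  </syscheck>
</ossec_config>

<!-- Manager side: /var/ossec/etc/ossec.conf (assumed default path) -->
<ossec_config>
  <syscheck>
    <!-- Report files that appear after the baseline scan -->
    <alert_new_files>yes</alert_new_files>
  </syscheck>
</ossec_config>

<!-- Manager side: /var/ossec/rules/local_rules.xml (assumed default path) -->
<!-- Rule 554 ships at level 0, so new-file events are logged but never
     alerted on. Overwriting it with a higher level makes them alerts. -->
<group name="local,syscheck,">
  <rule id="554" level="7" overwrite="yes">
    <category>ossec</category>
    <decoded_as>syscheck_new_entry</decoded_as>
    <description>File added to the system.</description>
    <group>syscheck,</group>
  </rule>
</group>
```

New-file alerts only start after the first full syscheck scan has built the baseline, so a binary dropped before that scan completes is recorded as part of the baseline rather than reported.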
