2016/04/14 06:03:17 ossec-rootcheck: INFO: Started (pid: 30101).
2016/04/14 06:06:05 ossec-rootcheck: INFO: Starting rootcheck scan.
2016/04/14 06:06:05 ossec-rootcheck: No rootcheck_files file configured.
2016/04/14 06:06:05 ossec-rootcheck: No rootcheck_trojans file configured.
2016/04/14 06:17:38 ossec-rootcheck: INFO: Ending rootcheck scan.

The start of the scan is right after the ossec-hids restart from the original post.

On Thursday, April 14, 2016 at 2:57:36 PM UTC+3, dan (ddpbsd) wrote:
>
> On Thu, Apr 14, 2016 at 6:27 AM, eyal gershon <gersh...@gmail.com> wrote:
> > Hey,
> >
> > I tried to disable the rootcheck on one of the servers.
> > I have added the following line to the agent.conf file -
> >
> > <rootcheck>
> > <disabled>yes</disabled>
> > </rootcheck>
> >
> > and after I am restarting the service I get the following output -
> > Starting ossec-hids: 2016/04/14 06:16:27 ossec-rootcheck: Rootcheck disabled. Exiting.
> > ossec-syscheckd: WARN: Rootcheck module disabled.
> >
> > and a few min later I see in the logs that the rootcheck is running again.
> > anyone have an idea why did I miss?
> >
>
> Which log messages are you seeing specifically?
>
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.