Apologies in advance if this is a FAQ - I've googled a bit but can't see 
anything obvious returned.

I've been asked to find out if OSSEC HIDS (which we use already for other 
monitoring) can be used on Linux variations (CentOS mainly) to spot "rogue 
software".  Now there's an ambiguous description to start with, and I'm 
trying to ascertain exactly what "rogue software" really means from those 
that asked me to investigate this!

In its widest description I suppose it could be something like taking a 
baseline of running processes, and reflecting that against future process 
lists, and alerting for anything running that isn't in the baseline.  Does 
OSSEC HIDS provide any such or similar facility?

cheers

ian
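
The baseline comparison described in the message above, as an added example that is not part of the original post and is not OSSEC's own code. The function names and the two sample process lists are constructed for illustration; `snapshot` assumes the procps `ps` shipped with CentOS.

```shell
#!/bin/sh
# Added example: compare a stored process baseline with a later snapshot.

# Constructed sample data in "user command" form (not from a real host).
BASELINE_SAMPLE='root     systemd
root     sshd
root     sshd
ossec    ossec-analysisd
apache   httpd'
CURRENT_SAMPLE='root     systemd
root     sshd
apache   httpd
apache   httpd
ossec    ossec-analysisd
apache   nc
root     httpd'

# normalize: collapse whitespace, drop malformed lines, sort and de-duplicate,
# so PIDs, ordering and instance counts never show up as differences.
normalize() {
    awk 'NF >= 2 { u = $1; $1 = ""; sub(/^ +/, ""); print u " " $0 }' |
        LC_ALL=C sort -u
}

# snapshot: one "user command" line per distinct program running right now.
snapshot() {
    ps -eo user=,comm= | normalize
}

# new_entries BASELINE CURRENT: lines only in CURRENT (both files normalized).
new_entries() {
    LC_ALL=C comm -13 "$1" "$2"
}

# demo: run the comparison over the constructed samples above.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$BASELINE_SAMPLE" | normalize > "$tmp/baseline"
    printf '%s\n' "$CURRENT_SAMPLE"  | normalize > "$tmp/current"
    new_entries "$tmp/baseline" "$tmp/current"
    rm -rf "$tmp"
}
```

Keying on the user and command pair means a known binary running under an unexpected account (here `httpd` as root) is reported along with a command that was never in the baseline.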
