Log hashing? Integrity? Try Samhain to guard your OSSEC logs?

Eero

On Mon, 14 May 2018 at 19:48, Will Duckworth <williamjduckwo...@gmail.com>
wrote:

> Did you ever find out a method? Or just assume the indexing is enough?
>
>
>
> On Thursday, 9 February 2012 19:57:46 UTC, awhitehatter wrote:
>>
>> Hi There,
>>
>> Can someone assist me with PCI requirement 10.5.5 as it relates to
>> configuring of OSSEC?
>>
>> The requirement says:
>>
>> 10.5.5 -
>> Use file-integrity monitoring or change detection software on logs to
>> ensure that existing log data cannot be changed without generating
>> alerts (although new data being added should not cause an alert).
>>
>> OSSEC says in .pdf (http://www.ossec.net/ossec-docs/ossec-PCI-Solution.pdf):
>>
>> OSSEC's System Integrity Checking module can be configured to monitor
>> file system changes (such as changes to files, new files getting
>> created, new directories being created, files being removed etc)
>> and ... OSSEC will not alert on new additions to log files but instead
>> would only alert if the new entries indicate malicious behavior. The
>> combination of system integrity and logs inspection can help
>> administrators monitor log files without a lot of false alerts.
>>
>> So how is this configuration created? Can someone provide examples or
>> some sort of starting point?
>>
>> thanks for reading!!
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
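
The check that requirement 10.5.5 describes (alert when existing log data changes, stay quiet when new data is appended), as an added example that is not part of the original thread and is not OSSEC's or Samhain's own mechanism. The function names, the baseline format and the sample log lines are assumptions made for the example.

```python
import hashlib
import os
import tempfile

def prefix_digest(path, length):
    """SHA-256 over the first `length` bytes of `path`."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while length > 0:
            chunk = f.read(min(65536, length))
            if not chunk:
                break
            h.update(chunk)
            length -= len(chunk)
    return h.hexdigest()

def take_baseline(path):
    """Record size, inode and digest of the log as it exists now."""
    st = os.stat(path)
    return {"size": st.st_size, "inode": st.st_ino,
            "sha256": prefix_digest(path, st.st_size)}

def check_log(path, baseline):
    """Return (status, baseline to keep); only the first two statuses are quiet."""
    st = os.stat(path)
    if st.st_ino != baseline["inode"]:
        return "replaced", baseline      # rotation or file swap: needs review
    if st.st_size < baseline["size"]:
        return "truncated", baseline     # existing data removed
    if prefix_digest(path, baseline["size"]) != baseline["sha256"]:
        return "modified", baseline      # existing data rewritten in place
    if st.st_size == baseline["size"]:
        return "unchanged", baseline
    return "appended", take_baseline(path)  # only new data: roll baseline forward

if __name__ == "__main__":
    # Constructed sample log, written to a temporary directory.
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "auth.log")
        with open(log, "w") as f:
            f.write("May 14 19:40:01 host sshd[101]: Accepted publickey for alice\n")
        base = take_baseline(log)
        with open(log, "a") as f:
            f.write("May 14 19:41:07 host sshd[102]: Failed password for root\n")
        status, base = check_log(log, base)
        print(status)
        with open(log, "r+") as f:
            f.write("Jan")               # overwrite bytes inside old data
        print(check_log(log, base)[0])
```

The baseline is only useful if it is stored where the account that writes the log cannot alter it, for example on the monitoring server rather than on the monitored host.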
