Hi, I'm trying to optimise my syscheck agent configuration deployed on CentOS 7.
Currently I'm checking /bin and /usr/bin with the former being a symlink to the latter (also /sbin, /lib, /lib64). This means the scan takes much longer than required and there are many duplicates in the resulting syscheck db on the server. Instead of doing all this extra work, I was wondering if there was a way to have the rootcheck simply check that /bin is a symlink to /usr/bin? I've looked through the existing rootcheck files and can't see an option for doing this. Can anyone advise? Or suggest any other way to achieve the same result? Thanks, Alan
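
One way to perform the symlink check described in the post outside OSSEC, as an added example (not part of the original post and not an OSSEC rootcheck feature): the script confirms each legacy directory is a symlink resolving to its /usr counterpart, and collapses a directory list to canonical paths so each tree is listed once. The function names, the ROOT argument and the /usr/sbin, /usr/lib and /usr/lib64 targets are assumptions; it needs GNU `readlink -f`.

```shell
#!/bin/sh
# Added example: standalone integrity check, not an OSSEC feature.
# ROOT is a hypothetical argument so the check can run against a test tree.
# Usage: verify_merged_links / || echo "legacy directory layout changed"

# verify_merged_links ROOT: succeed only if bin, sbin, lib and lib64 under
# ROOT are symlinks that resolve to the matching directory under ROOT/usr.
verify_merged_links() {
    root=${1:-/}
    rc=0
    for name in bin sbin lib lib64; do
        link="${root%/}/$name"
        want="${root%/}/usr/$name"
        if [ ! -L "$link" ]; then
            # A real directory here means files could hide outside /usr.
            echo "ALERT: $link is not a symlink"
            rc=1
        elif [ ! -d "$want" ] ||
             [ "$(readlink -f "$link")" != "$(readlink -f "$want")" ]; then
            echo "ALERT: $link -> $(readlink "$link"), expected $want"
            rc=1
        fi
    done
    return $rc
}

# dedupe_dirs DIR...: print the distinct canonical directories, comma
# separated and in first-seen order, so aliases of one tree appear once.
dedupe_dirs() {
    for d in "$@"; do
        readlink -f "$d"
    done | awk '!seen[$0]++' | paste -sd, -
}
```

If `verify_merged_links` succeeds, only the canonical paths printed by `dedupe_dirs` need to be listed for file integrity scanning; a failure means one of the links was replaced and the aliases can no longer be treated as equivalent.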
