Hello. We are using OSSEC for file integrity monitoring as required by PCI DSS, and I configured our monitoring as usual: all the configuration files and such that do not change constantly, ignoring all log files, etc.
But we need to monitor whether the log files are not compromised. Checksum checking would be crazy as they change a lot, but basically for now we just want to check that the files are not deleted. I was thinking about the option check_sum="yes" as the documentation says, and I tried some theories, like configuring it to monitor the folder with only the check permission, owner and group options, hoping it would also alert if a file was deleted, but every way I configured it, it always alerted on file changes. I am thinking about creating a rule that ignores the alerts from specified files, but I am still not happy with this option, as it will still alert on the manager a lot. Has anyone had this problem and can suggest something?

Thanks