On Tue, May 28, 2019 at 3:59 PM Buddha Man <namobuddhaon...@gmail.com> wrote: > > I have some questions: > > Do changes need to be made to config files to activate or utilize the new > rules/decoders related to rootcheck, last root login, active response, PCRE2 > reg ex engine, etc in the new version? >
rootcheck: It doesn't look like all of the audit files are added to the configuration, so you may have to add them manually. I'll have to look at the installation templates to see if they're present on new installs, but there isn't a built-in way to update them during upgrades. active-response: I don't think anything changed beyond maybe a script update. The scripts will be updated, so those changes should be used by default. PCRE2: I don't think there is anything using it in 3.3, but you may have to run contrib/ossec-pcre2-config.pl on the OSSEC server. > If yes, what are the recommended settings and how should each rule be > utilized? > > How are folks using active response be used on endpoints to fend off > potential attacks? > > Thanks, > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/c79b2828-767e-43c5-a290-a0bcba3980a9%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAMyQvMp6YdKOTQ2JyJd7CHBRSdWTwR%2Btve70qkC2MYnX1k1%2Bww%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.