Hello,
I struggle to get a clear answer from the documentation and my internet
searches : does OSSEC monitor directories permissions (i.e. mode, owner, group)
?
For instance, if I add the following line to the syscheck section of my
ossec.conf:
<directories check_all="yes">/etc</directories>
and I change the permissions of a random /etc sub-directory (like /etc/pam.d)
to 0777, should I expect OSSEC to log an alert ?
I opened the plaintext syscheck database and saw no references to directories
stored in there.
Am I missing something, or is it expected ?
Thanks,
Morgan.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ossec-list/02fbac280ca44aa0aca44cd65099a9a2%40thalesgroup.com.
For more options, visit https://groups.google.com/d/optout.
