Having googled, I can see there are other similar queries to mine, but I
have one issue that the others haven't addressed.
We run an Ossec-Hids server, as part of various SLAs and accreditations. It
is basically a 24x7, always-on system etc. I've inherited the admin of it
- deep joy.
We hav
Hi All,
many thanks for the info so far.
Some further googling has given me some extra info too.
* it seems that the basic rootcheck configuration already exists via the
existing ossec client install
* I found this link
https://www.hivelocity.net/kb/how-to-install-rootcheck-on-the-server/
Thi
monitor-running-processes-with-ossec.html
> Detecting present folder / executable (we have different ways, in this
> case, using Rootcheck):
> https://github.com/wazuh/wazuh-ruleset/blob/master/rootchecks/win_applications_rcl.txt#L59
>
> Regards,
> Pedro Sanchez.
>
>
>
Apologies in advance if this is a FAQ - I've googled a bit but can't see
anything obvious returned.
I've been asked to find out if OSSEC HIDS (which we use already for other
monitoring) can be used on Linux variations (CentOS mainly) to spot "rogue
software". Now there's an ambiguous description