Daniel,
Your solution seems to work great. Thanks.
Aaron
On Mon, Mar 16, 2009 at 1:34 PM, Daniel Cid wrote:
>
> Hi Aaron,
>
> This rule should work well without affecting other alerts. However, it
> will only ignore the 3rd change (see rules
> 552 for the 2nd and rule 551 for the first). Becau
Hi Aaron,
This rule should work well without affecting other alerts. However, it
will only ignore the 3rd change (see rules 552 for the 2nd and rule 551
for the first). Because of that, I would change the if_sid to if_group:
syscheck
'/etc/prelink.cache'
expected file change
You ca
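
A complete local rule of the shape suggested in the message above, as an added example that is not part of the original thread. The rule ID 100010, the level of 0, the enclosing group name and the use of `<match>` are assumptions, since the page does not show them; the group, path and description values are the ones from the message.

```xml
<!-- local_rules.xml: added example, not the rule from the thread -->
<group name="local,syscheck,">

  <!-- id 100010 is a placeholder; pick any unused id in your local range.
       level 0 (assumed here) means a matching event raises no alert. -->
  <rule id="100010" level="0">

    <!-- if_group matches any alert in the syscheck group rather than one
         parent rule ID, so the first, second and third change alerts
         (rules 551, 552 and the one after) are all covered. -->
    <if_group>syscheck</if_group>

    <!-- Keep the quotes: syscheck alerts quote the file name, so this
         matches exactly this path and not a longer one that merely
         starts with it. -->
    <match>'/etc/prelink.cache'</match>

    <description>expected file change</description>
  </rule>

</group>
```

A rule like this silences every integrity alert for that one file, so the match should stay as narrow as the single quoted path.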