Re: [ossec-list] RootCheck disabling

2016-04-19 Thread Santiago Bassett
was meaning to paste this link before sending last email:

http://ossec-docs.readthedocs.org/en/latest/manual/rootcheck/manual-rootcheck.html

On Tue, Apr 19, 2016 at 5:06 PM, Santiago Bassett <santiago.bass...@gmail.com> wrote:
> Hi Eyal,
>
> try setting syscheck.debug=2 in

Re: [ossec-list] RootCheck disabling

2016-04-19 Thread Santiago Bassett
Hi Eyal,

try setting syscheck.debug=2 in internal_options.conf file. It looks like there are some rootchecks that still run, unless you set those to no, like check_pids, check_dev, check_ports,... see more info at:

On Mon, Apr 18, 2016 at 12:13 PM, wrote:
>

Re: [ossec-list] RootCheck disabling

2016-04-18 Thread joe . cosgrove
Interesting... that should be the only config that you need to update in order to disable the root check. I tried it in my lab and disabled it properly as well.

On Sunday, April 17, 2016 at 4:56:15 AM UTC-4, eyal gershon wrote:
>
> I checked again the logs -
>
> 2016/04/16 18:37:27

Re: [ossec-list] RootCheck disabling

2016-04-17 Thread eyal gershon
I checked again the logs -

2016/04/16 18:37:27 ossec-rootcheck: INFO: Starting rootcheck scan.
2016/04/16 18:37:27 ossec-rootcheck: No rootcheck_files file configured.
2016/04/16 18:37:27 ossec-rootcheck: No rootcheck_trojans file configured.
2016/04/16 18:45:52 ossec-rootcheck: INFO: Ending

Re: [ossec-list] RootCheck disabling

2016-04-17 Thread eyal gershon
I ran the verify agent tool, it did not return any errors.

On Friday, April 15, 2016 at 8:26:47 PM UTC+3, joe.co...@wazuh.com wrote:
>
> Also try using verify-agent-conf. It might help with troubleshooting.
>
> http://ossec-docs.readthedocs.org/en/latest/programs/verify-agent-conf.html
>
> On

Re: [ossec-list] RootCheck disabling

2016-04-15 Thread Pedro S
I have reproduced your configuration on my labs, rootcheck is not starting again. Could you re-verify that agent.conf file is right on your agent?

On Thursday, April 14, 2016 at 2:38:47 PM UTC+2, eyal gershon wrote:
>
> 2016/04/14 06:03:17 ossec-rootcheck: INFO: Started (pid: 30101).
>

Re: [ossec-list] RootCheck disabling

2016-04-14 Thread eyal gershon
2016/04/14 06:03:17 ossec-rootcheck: INFO: Started (pid: 30101).
2016/04/14 06:06:05 ossec-rootcheck: INFO: Starting rootcheck scan.
2016/04/14 06:06:05 ossec-rootcheck: No rootcheck_files file configured.
2016/04/14 06:06:05 ossec-rootcheck: No rootcheck_trojans file configured.
2016/04/14

Re: [ossec-list] RootCheck disabling

2016-04-14 Thread dan (ddp)
On Thu, Apr 14, 2016 at 6:27 AM, eyal gershon wrote:
> Hey,
>
> I tried to disable the rootcheck on one of the servers.
> I have added the following line to the agent.conf file -
>
>
> yes
>
>
> and after I am restarting the service I get the following output -
>

[ossec-list] RootCheck disabling

2016-04-14 Thread eyal gershon
Hey,

I tried to disable the rootcheck on one of the servers.
I have added the following line to the agent.conf file -

yes

and after I am restarting the service I get the following output -

Starting ossec-hids: 2016/04/14 06:16:27 ossec-rootcheck: Rootcheck disabled. Exiting.