was meaning to paste this link before sending last email:
http://ossec-docs.readthedocs.org/en/latest/manual/rootcheck/manual-rootcheck.html
On Tue, Apr 19, 2016 at 5:06 PM, Santiago Bassett <
santiago.bass...@gmail.com> wrote:
> Hi Eyal,
>
> try setting syscheck.debug=2 in internal_options.conf
Hi Eyal,
try setting syscheck.debug=2 in internal_options.conf file. It looks like
there are some rootchecks that still run, unless you set those to no, like
check_pids, check_dev, check_ports,... see more info at:
On Mon, Apr 18, 2016 at 12:13 PM, wrote:
> Interesting... that should be the on
Interesting... that should be the only config that you need to update in
order to disable the root check. I tried it in my lab and disabled it
properly as well.
On Sunday, April 17, 2016 at 4:56:15 AM UTC-4, eyal gershon wrote:
>
> I checked again the logs -
>
> 2016/04/16 18:37:27 ossec-rootc
I checked again the logs -
2016/04/16 18:37:27 ossec-rootcheck: INFO: Starting rootcheck scan.
2016/04/16 18:37:27 ossec-rootcheck: No rootcheck_files file configured.
2016/04/16 18:37:27 ossec-rootcheck: No rootcheck_trojans file configured.
2016/04/16 18:45:52 ossec-rootcheck: INFO: Ending root
I ran the verify agent tool,
It did not return any errors
On Friday, April 15, 2016 at 8:26:47 PM UTC+3, joe.co...@wazuh.com wrote:
>
> Also try using verify-agent-conf. It might help with trouble shooting.
>
> http://ossec-docs.readthedocs.org/en/latest/programs/verify-agent-conf.html
>
> On Fr
Also try using verify-agent-conf. It might help with trouble shooting.
http://ossec-docs.readthedocs.org/en/latest/programs/verify-agent-conf.html
On Friday, April 15, 2016 at 8:08:23 AM UTC-4, Pedro S wrote:
>
> I have reproduced your configuration on my labs, rootcheck is not starting
> again.
I have reproduced your configuration on my labs, rootcheck is not starting
again. Could you re-verify that agent.conf file is right on your agent?
On Thursday, April 14, 2016 at 2:38:47 PM UTC+2, eyal gershon wrote:
>
> 2016/04/14 06:03:17 ossec-rootcheck: INFO: Started (pid: 30101).
> 2016/04/14
2016/04/14 06:03:17 ossec-rootcheck: INFO: Started (pid: 30101).
2016/04/14 06:06:05 ossec-rootcheck: INFO: Starting rootcheck scan.
2016/04/14 06:06:05 ossec-rootcheck: No rootcheck_files file configured.
2016/04/14 06:06:05 ossec-rootcheck: No rootcheck_trojans file configured.
2016/04/14 06:17:3
On Thu, Apr 14, 2016 at 6:27 AM, eyal gershon wrote:
> Hey,
>
> I tried to disabled the rootcheck on one of the servers.
> I have added the following line to the agent.conf file -
>
>
> yes
>
>
> and after I am restarting the service I get the following output -
> Starting ossec-hids: 2016/0
Hey,
I tried to disabled the rootcheck on one of the servers.
I have added the following line to the agent.conf file -
yes
and after I am restarting the service I get the following output -
Starting ossec-hids: 2016/04/14 06:16:27 ossec-rootcheck: Rootcheck
disabled. Exiting.
ossec-sysc
10 matches
Mail list logo