On Thu, May 18, 2017 at 3:47 PM, Pedro Sanchez wrote:
> Yes, it does.
> Rootcheck works for Linux as well; we have different rootcheck policies:
> https://github.com/wazuh/wazuh-ruleset/tree/master/rootchecks
>
OSSEC has rootcheck as well.
> Cheers,
> Pedro.
>
> On Wed, May 17,
Hi,
OSSEC has the capability to detect running processes as well as look for
existing registry keys or folders present on the system; you could use that
to detect the rogue software.
Example of getting running processes in Windows and triggering an alert when
needed (using localfiles / logcollector
Apologies in advance if this is a FAQ - I've googled a bit but can't see
anything obvious returned.
I've been asked to find out if OSSEC HIDS (which we use already for other
monitoring) can be used on Linux variations (CentOS mainly) to spot "rogue
software". Now there's an ambiguous description