When the syscheck scanner runs and it finds a new file it adds it to the integrity checking database (typically at `/var/ossec/queue/syscheck/syscheck`). Currently, it adds it with a line similar to this:

```
+++4219:33188:0:0:46f58c23838f1d054e4517b42046f1e7:592a4e2fb2c3e0cb855564f741b02567a565d2d8 !1580414084 /etc/ssl/certs/trusted-cert.pem
```

The problem with this is that when the command to list modified files is run (e.g., `/var/ossec/bin/syscheck_control -i 000`) this new file does not get listed.

It would be very helpful if there were a configuration option that would cause the new line added to the integrity checking database to be added with a "`!`" like so:

```
!+++4219:33188:0:0:46f58c23838f1d054e4517b42046f1e7:592a4e2fb2c3e0cb855564f741b02567a565d2d8 !1580414084 /etc/ssl/certs/trusted-cert.pem
```

This way, `/var/ossec/bin/syscheck_control -i 000` would show the new file as changed.
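A read-only way to list the unflagged new-file entries described above, as an added example that is not part of the original issue and is not OSSEC's own code. The field names (size, mode, uid, gid, MD5, SHA-1, timestamp) are assumptions inferred from the sample line, and the second and third sample entries are constructed.

```python
import re
import stat
from datetime import datetime, timezone

# Layout inferred from the sample line in the issue; field names are assumptions.
ENTRY = re.compile(
    r"^(?P<marker>[!+]+)"
    r"(?P<size>\d+):(?P<mode>\d+):(?P<uid>\d+):(?P<gid>\d+):"
    r"(?P<md5>[0-9a-f]{32}):(?P<sha1>[0-9a-f]{40})"
    r" !(?P<ts>\d+) (?P<path>.+)$"
)

def parse_entry(line):
    """Return a dict for one database line, or None if it does not match."""
    m = ENTRY.match(line.rstrip("\n"))
    if m is None:
        return None
    e = m.groupdict()
    e["mode"] = stat.filemode(int(e["mode"]))  # 33188 -> "-rw-r--r--"
    e["seen"] = datetime.fromtimestamp(int(e["ts"]), tz=timezone.utc).isoformat()
    e["flagged"] = e["marker"].startswith("!")  # the "!" the issue asks for
    return e

def unflagged_new_files(lines):
    """Entries recorded as new ("+++") without a leading "!"."""
    entries = (parse_entry(line) for line in lines)
    return [e for e in entries if e and e["marker"] == "+++"]

# First line is the sample from the issue; the other two are constructed.
SAMPLE_DB = [
    "+++4219:33188:0:0:46f58c23838f1d054e4517b42046f1e7:"
    "592a4e2fb2c3e0cb855564f741b02567a565d2d8 !1580414084 "
    "/etc/ssl/certs/trusted-cert.pem",
    "!+++0:33188:0:0:d41d8cd98f00b204e9800998ecf8427e:"
    "da39a3ee5e6b4b0d3255bfef95601890afd80709 !1580414084 "
    "/etc/constructed-example.conf",
    "not a database line",
]

if __name__ == "__main__":
    for entry in unflagged_new_files(SAMPLE_DB):
        print(entry["seen"], entry["mode"], entry["uid"], entry["path"])
```

To run it against a real agent, pass the open database file instead of `SAMPLE_DB`; the script only reads and never rewrites entries.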