rootcheck exclude directory

7 views
Skip to first unread message

Ming

unread,
Aug 2, 2025, 9:59:33 PMAug 2
to ossec-list
Hi,

I have directories (/var/www/*) containing over 20 million files (inodes), and rootcheck takes many hours to complete each day because of it. I'd like to completely exclude this directory from rootcheck scans to reduce the load.

From what I understand, using the <ignore> option in the <rootcheck> section only suppresses the warning but doesn't prevent rootcheck from scanning the directory itself.

Is there a supported way to completely skip a specific directory from rootcheck processing?

Thanks in advance for any guidance.
Reply all
Reply to author
Forward
0 new messages