Directories mode/owner/group monitoring

19 views
Skip to first unread message

LEMARECHAL Morgan

unread,
Jun 4, 2019, 4:17:37 AM6/4/19
to ossec...@googlegroups.com

Hello,

 

I struggle to get a clear answer from the documentation and my internet searches : does OSSEC monitor directories permissions (i.e. mode, owner, group) ?

 

For instance, if I add the following line to the syscheck section of my ossec.conf:

 

               <directories check_all="yes">/etc</directories>

 

and I change the permissions of a random /etc sub-directory (like /etc/pam.d) to 0777, should I expect OSSEC to log an alert ?

 

I opened the plaintext syscheck database and saw no references to directories stored in there.

 

Am I missing something, or is it expected ?

 

Thanks,

 

Morgan.

dan (ddp)

unread,
Jun 10, 2019, 6:07:01 PM6/10/19
to ossec...@googlegroups.com
No, I don't think it monitors directories.

>
>
> Thanks,
>
>
>
> Morgan.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/02fbac280ca44aa0aca44cd65099a9a2%40thalesgroup.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages