[prev in list] [next in list] [prev in thread] [next in thread]
List: osiris
Subject: Re: [osiris] Filters
From: Brian Wotring <brian () shmoo ! com>
Date: 2003-11-19 21:57:26
Message-ID: 5D197324-1ADB-11D8-9ABF-000393578C14 () shmoo ! com
[Download RAW message or body]
Yes, these two can easily be added.
On Nov 19, 2003, at 2:45 PM, Alexei_Roudnev wrote:
> Is there any way to add 2 things into the notification:
> - version of scan agent;
> - name of configuration used for this scan?
>
> I have a feeling of nightmare, if we change scan agent few times (more
> than
> once) and then I need to syncronise manager, cli client and 40
> agents...
>
> Alex
>
> ----- Original Message -----
> From: "Brian Wotring" <brian@shmoo.com>
> To: "Osiris Users" <osiris@lists.shmoo.com>
> Sent: Wednesday, November 19, 2003 12:30 PM
> Subject: Re: [osiris] Filters
>
>
>>
>> On Nov 19, 2003, at 1:05 PM, Jason 'XenoPhage' Frisvold wrote:
>>
>>>> PS. I think it is all wrong here. To exclude a directory, single
>>>> NoEntry
>>>> directive should be used. For now, it does not work because it do
>>>> not
>>>> block
>>>> 'ctime / mtime' check;
>>>> but I believe that it is design bug, and should be fixed.
>>>
>>> Hrm... I have to agree ... And if you *wanted* to see the
>>> mtime/ctime
>>> checks, you could Include them ...
>>
>> It would require an extra rule, but yes. It sounds like this needs to
>> be changed. I will add this to the todo list. Anyone who objects,
>> speak up.
>>
>>>> After it, you just
>>>> write:
>>>>
>>>> <Direcory /usr>
>>>> NoEntry tmp
>>>> NoEntry local/tmp
>>>
>>> The second NoEntry would be redundant.. Your first NoEntry directive
>>> would block both /usr/tmp *and* /usr/local/tmp
>>
>> Right. The scanner will not traverse anything under that directory
>> (unless there is a specific block for it).
>>
>> --
>> Brian Wotring ( brian@shmoo.com )
>> PGP KeyID: 0x9674763D
>>
>> _______________________________________________
>> osiris mailing list
>> osiris@lists.shmoo.com
>> https://lists.shmoo.com/mailman/listinfo/osiris
>>
>
> _______________________________________________
> osiris mailing list
> osiris@lists.shmoo.com
> https://lists.shmoo.com/mailman/listinfo/osiris
>
>
--
Brian Wotring ( brian@shmoo.com )
PGP KeyID: 0x9674763D
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic