List: ossec-list
Subject: Re: [ossec-list] Ignore folders
From: Ozgur Ozdemircili <ozgur.ozdemircili () gmail ! com>
Date: 2010-02-23 8:16:50
Message-ID: 22df2f891002230016m6399a3edvc2a57130ec761e77 () mail ! gmail ! com
Actually this is the problem.
I have the following entries in the client's ossec.conf:
<ignore>/var/www/html/openx</ignore>
<ignore>/var/www/html/fotos</ignore>
<ignore>/root/SYNCFOLDER</ignore>
<ignore>/var/www/content</ignore>
<ignore>/var/www/webcontent</ignore>
<ignore>/var/www/html</ignore>
Yet I still get the following messages:
Received From: (XX)->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event
(rootcheck)."
Portion of the log(s):
File '/var/www/html/fotos/T01000/T01102_11_1.jpg' is owned by root and has
written permissions to anyone.
Any ideas?
Özgür Özdemircili
http://www.acikkod.org
Code so clean you could eat off it
On Fri, Feb 19, 2010 at 3:36 PM, Daniel Cid <daniel.cid@gmail.com> wrote:
> Hi Ozgur,
>
> The <ignore> option is already recursive by default. So using that should
> be enough.
>
> Ex: <ignore>/etc/httpd</ignore> will ignore all /etc/httpd and subfolders.
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
> On Mon, Feb 15, 2010 at 3:58 AM, Ozgur Ozdemircili
> <ozgur.ozdemircili@gmail.com> wrote:
> > Hi,
> >
> > Is there any way to ignore folders recursively? I.e.:
> >
> > I have a folder called data. Inside there are 100+ folders which
> > contain other folders.
> > Can I recursively ignore data and all the folders inside?
> >
> > Thanks.
> >
> >
> > Özgür Özdemircili
> >
>