Fix overwrite FIM settings when entering directories separated by commas #1886

Merged: albertomn86 merged 2 commits into 3.7 from fix-fim-overwrite-conf on Nov 16, 2018
bah07 (Contributor) commented Nov 15, 2018

Related issue:

The error occurred when adding paths separated by commas in the same tag.

Test:

ossec.conf configuration:

<syscheck>
 ...
   <directories check_all="yes">/test1,/test2</directories>
   <directories check_all="yes">/test3,/test4</directories>
 ...
</syscheck>

Add this configuration to agent.conf

<agent_config>
  <!-- Shared agent configuration here -->
  <syscheck>
    <directories check_all="no" check_sha1sum="yes" check_size="yes" check_mtime="yes" whodata="yes">/test1,/test2</directories>
    <directories check_all="no" check_md5sum="yes" check_perm="yes" check_group="yes" realtime="yes">/test3,/test4</directories>
  </syscheck>
</agent_config>

Test:

  • You should see the following messages in the log, where the added directories get the agent.conf configuration.
2018/11/15 09:03:26 ossec-syscheckd: INFO: Monitoring directory: '/test1', with options size | sha1sum | mtime | whodata.
2018/11/15 09:03:26 ossec-syscheckd: INFO: Monitoring directory: '/test2', with options size | sha1sum | mtime | whodata.
2018/11/15 09:03:26 ossec-syscheckd: INFO: Monitoring directory: '/test3', with options perm | group | md5sum | realtime.
2018/11/15 09:03:26 ossec-syscheckd: INFO: Monitoring directory: '/test4', with options perm | group | md5sum | realtime.

bah07 added the module/fim (File Integrity Monitoring) label Nov 15, 2018
bah07 requested a review from albertomn86 November 15, 2018 08:12
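
The test in the description above can be automated as follows. This is an added example, not part of the pull request or the Wazuh code base: it derives the options each comma-separated path should receive from its own agent.conf tag and compares them with the ossec-syscheckd log lines. The attribute-to-log-name mapping (dropping the `check_` prefix) is an assumption inferred from the configuration and log shown above, and `check_all="yes"` expansion is not modelled.

```python
import re
import xml.etree.ElementTree as ET

# agent.conf block from the PR description (shared configuration).
AGENT_CONF = """<agent_config>
  <syscheck>
    <directories check_all="no" check_sha1sum="yes" check_size="yes" check_mtime="yes" whodata="yes">/test1,/test2</directories>
    <directories check_all="no" check_md5sum="yes" check_perm="yes" check_group="yes" realtime="yes">/test3,/test4</directories>
  </syscheck>
</agent_config>"""

# ossec-syscheckd log lines quoted in the PR description.
LOG = """2018/11/15 09:03:26 ossec-syscheckd: INFO: Monitoring directory: '/test1', with options size | sha1sum | mtime | whodata.
2018/11/15 09:03:26 ossec-syscheckd: INFO: Monitoring directory: '/test2', with options size | sha1sum | mtime | whodata.
2018/11/15 09:03:26 ossec-syscheckd: INFO: Monitoring directory: '/test3', with options perm | group | md5sum | realtime.
2018/11/15 09:03:26 ossec-syscheckd: INFO: Monitoring directory: '/test4', with options perm | group | md5sum | realtime.
"""
LOG_RE = re.compile(r"Monitoring directory: '([^']+)', with options (.+?)\.$")


def expected_options(conf_xml):
    """Map every comma-separated path to the option set of its own tag."""
    expected = {}
    for tag in ET.fromstring(conf_xml).iter("directories"):
        if tag.get("check_all") == "yes":
            raise ValueError("check_all expansion is not modelled here")
        # Assumed mapping: check_sha1sum -> sha1sum, whodata -> whodata.
        opts = {name.replace("check_", "", 1)
                for name, value in tag.attrib.items() if value == "yes"}
        for path in tag.text.split(","):
            expected[path.strip()] = opts
    return expected


def logged_options(log_text):
    """Parse the options syscheckd reports for each monitored directory."""
    seen = {}
    for line in log_text.splitlines():
        m = LOG_RE.search(line.strip())
        if m:
            seen[m.group(1)] = {o.strip() for o in m.group(2).split("|")}
    return seen


def mismatches(conf_xml, log_text):
    """Return {path: (expected, logged)} for each path whose options differ."""
    seen = logged_options(log_text)
    want = expected_options(conf_xml)
    return {p: (o, seen.get(p)) for p, o in want.items() if seen.get(p) != o}
```

An empty result from `mismatches` means every path in a comma-separated tag was logged with the agent.conf options; a path that is missing from the log is reported with `None` as its logged value.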