Get OSSEC syscheck to alert on change to directory but not its contents

Question

We are running OSSEC 3.2 on some Debian servers. We are using OSSEC's syscheck to alert us when certain files and directories change.

I want syscheck to generate an alert when the directory /tmp changes. Now, I don't care about any of /tmp's content, but I do care about the directory itself. For example, if the permissions on /tmp change, or its group or owner changes, I want to know.

How do I tell syscheck to alert me on changes to /tmp but not to its contents?

asktyagi · Accepted Answer · 2019-10-29 03:20:34Z

0

You can try like below:

<directories check_owner="yes" check_group="yes" check_perm="yes">/tmp</directories>

answered Oct 29, 2019 at 3:20

asktyagi

2,9342 gold badges9 silver badges25 bronze badges

Add a comment |

Stack Exchange Network

Get OSSEC syscheck to alert on change to directory but not its contents

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged
permissions
ossec
.

Hot Network Questions

Get OSSEC syscheck to alert on change to directory but not its contents

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged permissionsossec.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
permissions
ossec
.