Atomicorp

Security for Everyone
https://forums.atomicorp.com/

Copying /etc/asl/rules to another installation

https://forums.atomicorp.com/viewtopic.php?t=7635

Page 1 of 1

Copying /etc/asl/rules to another installation

Posted: Sat May 10, 2014 9:29 am
by chrismcb
Just looking to find out how best to copy all of the tailored rules from one machine to another which are stored under /etc/asl/rules.

I've spent a bit of time tweaking email alert levels to ensure that only relevant ones are sent through on my hourly OSSEC report.

I have copied the file over and ran asl -s f, however they don't all seem to be loaded into the system.

Is there another command which would load this file in?

Re: Copying /etc/asl/rules to another installation

Posted: Tue May 13, 2014 8:49 pm
by scott
Use: asl -s -f

And please note that the format of this file has changed from V3 to V4. If you are copying a V3 file over you may need to verify the changes through the rule manager to make sure it re-formats the file in the correct layout.

Re: Copying /etc/asl/rules to another installation

Posted: Wed May 14, 2014 4:51 am
by chrismcb
Thanks - that must have been it, a couple of older ones weren't integrated.
All times are UTC-04:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited