Rule 553 (syscheck file deletion) is not triggering

Posted: Tue Sep 13, 2022 5:57 am
by nikashelia
Hello, I am trying to use OSSEC primarily as a syscheck tool for agentless devices.
All of the rules seemingly work (addition of file, modification, etc.) but it seems that file deletion is not detected in alerts.
How do I enable this feature? Is it enabled by default on installation, similar to how other rules were (new file, modification)?
I do not use realtime as I am trying to create a fully agentless environment.

Re: Rule 553 (syscheck file deletion) is not triggering

Posted: Tue Sep 13, 2022 9:15 am
by cponton
Hello!

Please see this doc for agentless configuration https://docs.atomicorp.com/AEO/agentles ... =agentless
You will probably want to change the conf for <state>periodic</state> to <state>periodic_diff</state>