I've recently installed OSSEC. I did not had any problems during installation. It also seems to be running. But... I'm having problem to edit ossec.conf file in /var/ossec/etc directory. The file is read-only and thus no changes allowed to be made, no matter with privileges I have while doing it. I've not tried to chmod the file (yet ) in order to alter access permissions and to make it writable since I have a feeling this would be a wrong way of doing things. To me it looks like a kind of hacking a good security system, something similar to logging in as root instead of using sudo in Ubuntu. Am i wrong here and removing read-only attribute is the only way to go? Or another OSSEC specific way does exists?