cryogen wrote:
> Greetings everyone:
>
> Is there a way to reset the syscheck database? My systems have a
> number of critical binaries, such as php, that get updated
> occasionally and ossec is now saying "integrity checksum changed (3rd
> time)". I don't want auto-ignore to start ignoring these files the
> next time they're updated, and I really don't want to turn off
> auto-ignore and write an ignore rule for every frequently changed file.
> So I was hoping there is a way to reset the integrity checking database?

/bin/syscheck_control -u <id> will clear the database for one agent. Run syscheck_control without any arguments to see the full list of options.
