I should have known... A simple:

syscheck_control -z -u all

took care of it entirely. <smack who="self" what="head" on="desk" repeat="yes" /> Thanks!

On Aug 25, 2009, at 3:11 PM, ddp wrote:

> If there aren't too many files, you could use syscheck_control. The -f
> flag might be what you're looking for.
>
> On Tue, Aug 25, 2009 at 1:11 PM, cryogen<[email protected]> wrote:
>>
>> Greetings everyone:
>>
>> Is there a way to reset the syscheck database? My systems have a
>> number of critical binaries, such as php, that get updated
>> occasionally and ossec is now saying "integrity checksum changed (3rd
>> time)". I don't want auto-ignore to start ignoring these files the
>> next time they're updated, and I really don't want to turn off
>> auto-ignore and write an ignore rule for every frequently changed file.
>> So I was hoping there is a way to reset the integrity checking
>> database?
>>
>> Anybody have any enlightenment?
>>
>> --cryogen
>>
