The files were changed and were causing issues, we had to move & rename the bad files so the checksums would no longer match the syscheck db (or am I wrong). On that, how do I find out what the syscheck db shows as what the md5 hash should be? If there is a 'how-to' already written, please forgive and just point me in the right direction. Thanks, Patrick
On Jul 27, 1:01 pm, "dan (ddp)" <[email protected]> wrote: > Why do you suspect files have changed? > Does the current md5 or sha hash of the files match the entries in the > syscheck db? > > > > > > > > On Wed, Jul 27, 2011 at 1:34 PM, Patrick <[email protected]> wrote: > > How would I go about troubleshooting if I suspect that some files were > > changed and Ossec didn't alert on the change? > > I'm currently using Ossec 2.0. > > > The files were in the /bin on a Linux server. > > > Thanks, > > Patrick
