[ossec-list] Integrity checksum changed on executables. No prelinking.

Hello. I'm receiving many of such alert on different executables. (/bin/bash /usr/bin/nautilus /usr/bin/clear_console and much more) 2013 Apr 16 14:26:45 Rule Id: 550 level: 7 Location: (host) 192.168.250.33->syscheck Src IP: y checksum changed for

Re: [ossec-list] Integrity checksum changed on executables. No prelinking.

I've found that checksum modification starts with file /etc/alternatives/mozilla-flashplugin and ends with /bin/rbash. Such order is the same on all hosts. Mozilla is the cause? which way? -/bin/rbash File: /bin/rbash Agent: dbi-726-14x Modification time: 2013 Apr 16 11:03:37 -/bin/bash Fi

Re: [ossec-list] Integrity checksum changed on executables. No prelinking.

still need help -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/gr

Re: [ossec-list] Integrity checksum changed on executables. No prelinking.

On Mon, Apr 22, 2013 at 10:22 AM, Aliev, Dmitry wrote: > still need help > Are the binaries that are changing defined more than once in the option in the ossec.conf/agent.conf? I don't know enough about prelinking, but does not having the packages mean it's not enabled at all? Did the binaries c