Greetings,

Is there any way possible to get the old and current timestamps alongside these checks done? (where do you apply this... what is the syntax...)

And how do we know what actually changed within this file, for example, as well? - I really think that this is an important bit of information as this current notification does not add much value...

Kind Regards,
Bradley

-----Original Message-----
From: OSSEC HIDS [mailto:oss...@serverhostname]
Sent: 31 July 2009 05:21 PM
To:
Subject: OSSEC Notification - ServerName - Alert level 7

OSSEC HIDS Notification.
2009 Jul 31 17:20:17

Received From: ->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/etc/services'
Size changed from '672499' to '672523'
Old md5sum was: '500a74bfe0f1b0f584c6d8982edf7af6'
New md5sum is : 'e560e40fbecc9b3ce0f1e2dc3e41bd71'
Old sha1sum was: '365a60642c028342f5ff23d0ee1b294d7d4c0e78'
New sha1sum is : 'f32a934aca24b4f9aee62a9a94a0416607f0a752'

--END OF NOTIFICATION
