If there aren't too many files, you could use syscheck_control. The -f flag might be what you're looking for.
On Tue, Aug 25, 2009 at 1:11 PM, cryogen<[email protected]> wrote: > > Greetings everyone: > > Is there a way to reset the syscheck database? My systems have a > number of critical binaries, such as php, that get updated > occasionally and ossec is now saying "integrity checksum changed (3rd > time)". I don't want auto-ignore to start ignoring these files the > next time they're updated, and I really don't want to turn off auto- > ignore and write an ignore rule for every frequently changed file. > So I was hoping there is a way to reset the integrity checking database? > > Anybody have any enlightenment? > > --cryogen >
