It uses md5 and sha1; look at the following alert, for example:

Received From: ossec-server->syscheck
Rule: 550 fired (level 7) -> "Integrity checksum changed."
Portion of the log(s):

Integrity checksum changed for: '/etc/passwd-'
Size changed from '1257' to '1369'
Old *md5sum* was: 'bab476e083da8e1270e51fc24f24f275'
New md5sum is : 'b3ed830e2d0d7342e0444450f6728684'
Old *sha1sum* was: 'f8a7f6feb38e96aa217d7a385643ca925d0f8996'
New sha1sum is : 'e7e433588a3fa7a6a755a663ecf357ee0e3fa06f'

On Thu, Feb 25, 2010 at 4:08 PM, csirt <[email protected]> wrote:
> Hi,
> does anyone know, what hashing functions ossec uses for integrity check?
>
> regards
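An added example, not part of the original thread and not OSSEC's own code: a Python parser for the rule 550 alert body quoted above, plus a check of file contents against every digest the alert recorded. The names `parse_syscheck_alert` and `matches_file` are assumptions made for this illustration.

```python
import hashlib
import re

# Alert body taken from the message above, emphasis markers included.
ALERT = """Integrity checksum changed for: '/etc/passwd-'
Size changed from '1257' to '1369'
Old *md5sum* was: 'bab476e083da8e1270e51fc24f24f275'
New md5sum is : 'b3ed830e2d0d7342e0444450f6728684'
Old *sha1sum* was: 'f8a7f6feb38e96aa217d7a385643ca925d0f8996'
New sha1sum is : 'e7e433588a3fa7a6a755a663ecf357ee0e3fa06f'
"""

PATH_RE = re.compile(r"Integrity checksum changed for: '(.*)'")
SIZE_RE = re.compile(r"Size changed from '(\d+)' to '(\d+)'")
HASH_RE = re.compile(r"(Old|New) (md5|sha1)sum (?:was|is)\s*: '([0-9a-fA-F]+)'")


def parse_syscheck_alert(text):
    """Extract path, size change and old/new digests from an alert body."""
    text = text.replace("*", "")  # drop mail-client emphasis markers
    result = {"path": None, "size": None, "old": {}, "new": {}}
    match = PATH_RE.search(text)
    if match:
        result["path"] = match.group(1)
    match = SIZE_RE.search(text)
    if match:
        result["size"] = (int(match.group(1)), int(match.group(2)))
    for which, algo, digest in HASH_RE.findall(text):
        # Reject truncated or padded digests: MD5 is 32 hex chars, SHA-1 is 40.
        if len(digest) != hashlib.new(algo).digest_size * 2:
            raise ValueError(f"bad {algo} digest length: {digest!r}")
        result[which.lower()][algo] = digest.lower()
    return result


def matches_file(data, digests):
    """True only if the bytes match every recorded digest (MD5 and SHA-1)."""
    if not digests:
        return False  # nothing recorded means nothing verified
    return all(hashlib.new(algo, data).hexdigest() == value
               for algo, value in digests.items())


if __name__ == "__main__":
    alert = parse_syscheck_alert(ALERT)
    print(alert["path"], alert["size"], sorted(alert["new"]))
```
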
