[ossec-list] RE: MD5 sum changed on /bin/ls

Wed, 14 Jul 2010 12:46:15 -0700 

Ok, it's because the prelink is activated. I just moved my 
/etc/crond.daily/prelink to another directory !

But I have an another issue, how to configure the directories to check ?

In the "ossec.conf" file, you have the "<!-- Files/directories to ignore -->". 
But I want to ignore all the */.svn/*, is it possible ? 
Or for example, /etc/logrotate* ?

Thanks a lot ! 


-----------------------------------------------------------------------------------------------------------------



Hello everybody !

I just have an alert from OSSEC about integrity check on some bin files.
But when I do a "ls -l" the modification date is very old (2009).
When I do a "md5sum", Ossec has the correct sum. 

What can I do ? 

Thanks a lot and have a good day !

 -/bin/ls
 File: /bin/ls
 Agent: ***
 Modification time: 2010 Jul 14 05:59:25
-/bin/tar
 File: /bin/tar
 Agent: ***
 Modification time: 2010 Jul 14 05:59:23
-/bin/ex
 File: /bin/ex
 Agent: ***
 Modification time: 2010 Jul 14 05:59:21
-/bin/gtar
 File: /bin/gtar
 Agent: ***
 Modification time: 2010 Jul 14 05:59:19
-/bin/vi
 File: /bin/vi
 Agent: ***
 Modification time: 2010 Jul 14 05:59:17
-/bin/rview
 File: /bin/rview
 Agent: ***
 Modification time: 2010 Jul 14 05:59:17
-/bin/rvi
 File: /bin/rvi
 Agent: ***
 Modification time: 2010 Jul 14 05:59:17
+/bin/cp
-/bin/cp
 File: /bin/cp
 Agent: ***
 Modification time: 2010 Jul 14 05:59:17
-/bin/mv
 File: /bin/mv
 Agent: ***
 Modification time: 2010 Jul 14 05:59:15
-/bin/view
 File: /bin/view
 Agent: ***
 Modification time: 2010 Jul 14 05:59:13
-/usr/bin/vdir
 File: /usr/bin/vdir
 Agent: ***
 Modification time: 2010 Jul 14 05:56:56
+/usr/bin/ex
-/usr/bin/ex
 File: /usr/bin/ex
 Agent: ***
 Modification time: 2010 Jul 14 05:56:10
-/usr/bin/vimdiff
 File: /usr/bin/vimdiff
 Agent: ***
 Modification time: 2010 Jul 14 05:56:08
-/usr/bin/rvim
 File: /usr/bin/rvim
 Agent: ***
 Modification time: 2010 Jul 14 05:56:04
-/usr/bin/chacl
 File: /usr/bin/chacl
 Agent: ***
 Modification time: 2010 Jul 14 05:54:58
-/usr/bin/rsync
 File: /usr/bin/rsync
 Agent: ***
 Modification time: 2010 Jul 14 05:54:56
-/usr/bin/vim
 File: /usr/bin/vim
 Agent: ***
 Modification time: 2010 Jul 14 05:54:54
-/usr/bin/setfacl
 File: /usr/bin/setfacl
 Agent: ***
 Modification time: 2010 Jul 14 05:54:31
-/usr/bin/dir
 File: /usr/bin/dir
 Agent: ***
 Modification time: 2010 Jul 14 05:54:13
-/usr/bin/getfacl
 File: /usr/bin/getfacl
 Agent: ***
 Modification time: 2010 Jul 14 05:53:33
+/usr/bin/install

Reply via email to