Okay... I found part of my answer ... http://www.ossec.net/doc/programs/syscheck_control.html#syscheck-control
When I use the example: /var/ossec/bin/syscheck_control -i 002 I get a "Segmentation fault", probably due to the very old version that I'm currently stuck on.

On Jul 27, 1:45 pm, Patrick <[email protected]> wrote:
> The files were changed and were causing issues, we had to move &
> rename the bad files so the checksums would no longer match the
> syscheck db (or am I wrong).
>
> On that, how do I find out what the syscheck db shows as what the md5
> hash should be?
>
> If there is a 'how-to' already written, please forgive and just point
> me in the right direction.
>
> Thanks,
> Patrick
>
> On Jul 27, 1:01 pm, "dan (ddp)" <[email protected]> wrote:
>
> > Why do you suspect files have changed?
> > Does the current md5 or sha hash of the files match the entries in the
> > syscheck db?
> >
> > On Wed, Jul 27, 2011 at 1:34 PM, Patrick <[email protected]> wrote:
> > > How would I go about troubleshooting if I suspect that some files were
> > > changed and Ossec didn't alert on the change?
> > > I'm currently using Ossec 2.0.
> > >
> > > The files were in the /bin on a Linux server.
> > >
> > > Thanks,
> > > Patrick
