Hi All, Recently, I received about 400+ "Alert Level 7" notifications, for a single server, all related to "Integrity checksum changed" events.
I am really worried about this, but I can see no reason why it has happened. The situation has not re-occurred and has not happened on any of the other servers we have OSSEC installed on. Can anyone please explain what could cause this? I am hoping it's some sort of obscure but OK OSSEC anomaly! Cheers, -- ChrisP (slightly panicky) -----Original Message----- From: OSSEC HIDS Sent: 28 July 2011 08:46 To: Chris Phillips Subject: OSSEC Notification (myserver) - Alert level 7 OSSEC HIDS Notification. 2011 Jul 28 08:46:23 Received From: (myserver) >syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/sbin/debugfs' Old md5sum was: 'fd96fc82b74a47577835538ccf6d2adb' New md5sum is : 'c4c01019d7806734e857996adc63cf17' Old sha1sum was: 'c57a92218bd321ff8b27c154e2f5b29185530728' New sha1sum is : '4550b5743fe3368bc1bac683c60c14c232b671e5' --END OF NOTIFICATION
