On Fri, 24 Jan 2014 07:50:25 -0500 "dan (ddp)" <[email protected]> wrote:
> On Fri, Jan 24, 2014 at 5:41 AM, Bruno Andrade <[email protected]> wrote:
> > Hey, I have a doubt about updating file signatures to the database.
> >
> > Basically I have installed OSSEC Hids and the webUI. On the webUI,
> > I go integrity checking->Dump database and I check the last
> > modified files. I click the file and I see the old signature and
> > new one.
> >
> > If I know that change is legitimate, how can I update the database to
> > use the new file signature and not alert about that change?
> >
>
> If the signature is in the database, the alert should have already
> been triggered.

I think you don't fully understand my question.

Basically, I have this:

/etc/gshadow-
md5 <old_signature> sha1 <old_signature> -> md5 <new_signature> sha1 <new_signature>

So, I know that the /etc/gshadow file has been changed because of maintenance in the system and not an attack.

I think the <old_signature> is still in the database, and it will be triggering the alert every time it analyzes the file.

So, how can I update the signature for the file to use the <new_signature>?

> > Thanks in advance.

--
Bruno Andrade <[email protected]>
Programmer (R&D)
Eurotux Informática, S.A. | www.eurotux.com
(t) +351 253 680 300 (m) +351 936 293 858
