Hi, from time to time the syscheckd seems not be able to calculate the checksum of a file.
Here is an example: /opt/ossec/bin/syscheck_control -i 119 -f /opt/ossec/etc/ossec.conf 2014 Mar 25 13:34:21,4 - /opt/ossec/etc/ossec.conf File changed. - Being ignored (3 or more changes). Integrity checking values: Size: 13269 Perm: rw------- Uid: 0 Gid: 0 Md5: >xxx Sha1: >xxx 2014 Mar 26 11:51:38,4 - /opt/ossec/etc/ossec.conf File changed. - Being ignored (3 or more changes). Integrity checking values: Size: 13269 Perm: rw------- Uid: 0 Gid: 0 Md5: >af08de8e5618122759246d9eb92174a6 Sha1: >29bcc58ec75a5eb795ba14c06d1ca049ea81768b 2014 Apr 01 17:22:42,4 - /opt/ossec/etc/ossec.conf File changed. - Being ignored (3 or more changes). Integrity checking values: Size: 13269 Perm: rw------- Uid: 0 Gid: 0 Md5: >xxx Sha1: >xxx 2014 Apr 02 11:53:52,4 - /opt/ossec/etc/ossec.conf File changed. - Being ignored (3 or more changes). Integrity checking values: Size: 13269 Perm: rw------- Uid: 0 Gid: 0 Md5: >af08de8e5618122759246d9eb92174a6 Sha1: >29bcc58ec75a5eb795ba14c06d1ca049ea81768b This bug was already filed some years ago: https://bitbucket.org/dcid/ossec-hids/issue/11/syscheck-alerts-checksum-is-xxx But there it is still open. We are able to see this behaviour on several clients (Linus, HP-UX) on 2 different ossec servers: Server1: grep xxx:xxx /opt/ossec/queue/syscheck/* |wc -l 5370 Server2: grep xxx:xxx /opt/ossec/queue/syscheck/* |wc -l 3994 Are we the only one having this problem? Regards Jörn -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
