I got an OSSEC notification for: Integrity checksum changed for: '/etc/xinetd.d/check_mk'

Surprisingly, on all servers monitored by OSSEC the file's size has changed to the same size, and all servers alerted on check_mk. [The checksum history of the file says it's different, and compared with the previous one there has been only 1 change, and this is the 1st time.]

However, no change has been made inside this file; the touch date, etc. on all 50/60 boxes are the same, file size too. If we are forced to think about a backdoor, that someone has managed to break in, that's not quite what the status of the server itself says. [Other checks: login report, ssh integrity, keys, validation of users and so on and so forth.]

I am thinking more towards a false positive, but that would not be the case on all boxes. I'm getting quite clueless. Any heads-up?

Regards
Ashish
