On Wed, Aug 26, 2015 at 5:04 AM, Michal Eraraa <[email protected]> wrote: > > Hi, > > This file was never more then 452b size. Look at the old md5sum and ":" in > Old sha1sum. > What happened here? >
It looks like OSSEC didn't parse the entry correctly. Does this happen frequently? Would it be possible to get that entry from the syscheck db? > Integrity checksum changed for: '/etc/ntp/keys' > Size changed from '1935306' to '452' > Permissions changed from 'rw-r--r--' to 'rw-------' > Ownership was '511', now it is '38' > Group ownership was '512', now it is '0' > Old md5sum was: '2eb625d72c+++452' > New md5sum is : 'f84f76b69e673be7a55f3d03edded3ef' > Old sha1sum was: > '33152:38:0:f84f76b69e673be7a55f3d03edded3ef:e3fc4020d79ff9eb6fee5e4ab0477f327abc61a4' > New sha1sum is : 'e3fc4020d79ff9eb6fee5e4ab0477f327abc61a4' > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
