On Tuesday, June 14, 2016 at 2:02:55 PM UTC-4, dan (ddpbsd) wrote:
>
> On Tue, Jun 14, 2016 at 1:56 PM, Jeff Blaine <[email protected]> wrote:
> >
> >
> > On Tuesday, June 14, 2016 at 1:00:14 PM UTC-4, dan (ddpbsd) wrote:
> >>
> >> On Tue, Jun 14, 2016 at 12:47 PM, Jeff Blaine <[email protected]> wrote:
> >> > I'll also add that /var/ossec/queue/syscheck contains these 2 files, the
> >> > larger of the 2 was last modified ~4 days ago. I don't know if that's
> >> > useful info or not:
> >> >
> >> > -rw-r----- 1 ossec ossec 3 May 21 10:29 .syscheck.cpt
> >> > -rw-r----- 1 ossec ossec 494689 Jun 9 10:48 syscheck
> >> >
> >>
> >> Are the files you modified present in the syscheck file? Are the
> >> hashes up to date?
> >>
> >
> > Sure doesn't look it:
> >
> > [jblaine@ourhost test-checksum-area]$ sha1sum a-file b-file
> > da17f5b15f5fbabdb4fea9b728cd5d9f930cfd55 a-file
> > 44939617ba6fa46e93af28c0802265b7c3a9a60d b-file
> > [jblaine@ourhost test-checksum-area]$
> >
> > #++0:33204:710:710:d41d8cd98f00b204e9800998ecf8427e:da39a3ee5e6b4b0d3255bfef95601890afd80709 !1465331645 /home/jblaine/test-checksum-area/a-file
> > #++4:33204:710:710:d3b07384d113edec49eaa6238ad5ff00:f1d2d2f924e986ac86fdf7b36c94bcdf32beec15 !1465342375 /home/jblaine/test-checksum-area/a-file
> > #!+11:33204:710:710:c3b78a0e06770acbdb387341767c5fab:f032d9c6f6f0713ec04c659e66d450f57dee7b97 !1465343017 /home/jblaine/test-checksum-area/a-file
> > !!!11:33204:710:710:3a4fdabb854febd89315c8f1ab84931f:431049d8fd3238973a6f8c21db0b23cd8e54569a !1465350249 /home/jblaine/test-checksum-area/a-file
> > #++5:33204:710:710:07d9ee02bc6ff247059fef066b92fdf8:470f34e0a739dd064a11ad4e1bb5facc0585aee6 !1465409669 /home/jblaine/test-checksum-area/b-file
> > #++12:33204:710:710:e7d7be0b4cbae91e79f2f86af983a5ef:1122cafa6e122ff68e661f11575f9d85b1b1e4e2 !1465415641 /home/jblaine/test-checksum-area/b-file
> > #!+18:33204:710:710:874a0778b44a16a2789ff24ef904f508:f745ff3f8624aa8da29ff4f7f69f7d95b11ce982 !1465423555 /home/jblaine/test-checksum-area/b-file
> > !!!15:33204:710:710:f76fbff61c70afcee0df07d4322e1c9f:812e20fe8e29d6ac8e2079b6ceb2a1b3341c3830 !1465483731 /home/jblaine/test-checksum-area/b-file
> >
>
> So it looks like you haven't turned the auto ignore off, and too many
> changes have been made to the file (ignoring it).
> The last recorded change for b-file seems to be:
> # date -r 1465483731
> Thu Jun 9 10:48:51 EDT 2016
>

Bingo. Thank you!
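
An added example (not part of the thread, and not OSSEC code): it parses the syscheck queue entries quoted above and compares each file's latest recorded SHA-1 with the `sha1sum` output from the thread. Reading a leading `#` as a superseded record and `!!!` as the used-up change counter is an assumption based on the diagnosis in the thread; `live_entries` and `audit` are hypothetical names.

```python
import re
from datetime import datetime, timezone

# Queue entries and sha1sum output as quoted in the thread.
SAMPLE_DB = """\
#++0:33204:710:710:d41d8cd98f00b204e9800998ecf8427e:da39a3ee5e6b4b0d3255bfef95601890afd80709 !1465331645 /home/jblaine/test-checksum-area/a-file
#++4:33204:710:710:d3b07384d113edec49eaa6238ad5ff00:f1d2d2f924e986ac86fdf7b36c94bcdf32beec15 !1465342375 /home/jblaine/test-checksum-area/a-file
#!+11:33204:710:710:c3b78a0e06770acbdb387341767c5fab:f032d9c6f6f0713ec04c659e66d450f57dee7b97 !1465343017 /home/jblaine/test-checksum-area/a-file
!!!11:33204:710:710:3a4fdabb854febd89315c8f1ab84931f:431049d8fd3238973a6f8c21db0b23cd8e54569a !1465350249 /home/jblaine/test-checksum-area/a-file
#++5:33204:710:710:07d9ee02bc6ff247059fef066b92fdf8:470f34e0a739dd064a11ad4e1bb5facc0585aee6 !1465409669 /home/jblaine/test-checksum-area/b-file
#++12:33204:710:710:e7d7be0b4cbae91e79f2f86af983a5ef:1122cafa6e122ff68e661f11575f9d85b1b1e4e2 !1465415641 /home/jblaine/test-checksum-area/b-file
#!+18:33204:710:710:874a0778b44a16a2789ff24ef904f508:f745ff3f8624aa8da29ff4f7f69f7d95b11ce982 !1465423555 /home/jblaine/test-checksum-area/b-file
!!!15:33204:710:710:f76fbff61c70afcee0df07d4322e1c9f:812e20fe8e29d6ac8e2079b6ceb2a1b3341c3830 !1465483731 /home/jblaine/test-checksum-area/b-file
"""
CURRENT_SHA1 = {
    "a-file": "da17f5b15f5fbabdb4fea9b728cd5d9f930cfd55",
    "b-file": "44939617ba6fa46e93af28c0802265b7c3a9a60d",
}

ENTRY = re.compile(
    r"^(?P<flags>[#!+?]{3})\d+:\d+:\d+:\d+:[0-9a-f]{32}:(?P<sha1>[0-9a-f]{40})"
    r" !(?P<ts>\d+) (?P<path>.+)$")

def live_entries(db_text):
    """Return {path: fields} for the newest non-superseded record of each file."""
    live = {}
    for line in db_text.splitlines():
        m = ENTRY.match(line)
        # Assumption: a leading '#' marks a record superseded by a later one.
        if m is None or m["flags"][0] == "#":
            continue
        live[m["path"]] = m.groupdict()
    return live

def audit(db_text, current_sha1):
    """Report, per file, whether the recorded hash is stale and changes are ignored."""
    findings = []
    for path, e in sorted(live_entries(db_text).items()):
        seen = datetime.fromtimestamp(int(e["ts"]), timezone.utc)
        findings.append({
            "path": path,
            # Assumption: '!!!' means the change counter is used up (auto ignore).
            "auto_ignored": e["flags"] == "!!!",
            "stale": current_sha1.get(path.rsplit("/", 1)[-1]) != e["sha1"],
            "last_recorded": seen.isoformat(),
        })
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_DB, CURRENT_SHA1), sep="\n")
```

A file reported as both `auto_ignored` and `stale` is one whose on-disk content has moved on without the database recording it, which is the condition diagnosed in the thread.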
