Hello. I'm seeing a strange issue when running some tests on rule 550 "Integrity checksum changed".
I make a change on a client to /etc/issue and add a line. Syscheck picks it up but reports the change as rule 554 "File added to the system" when the file has already been cataloged by the syscheck database.

[root@server1]# ls -lrt
total 20
-rw-r--r-- 1 root root 29 Mar 22 14:12 state.1679512366
-rw-r--r-- 1 root root 29 Mar 24 08:54 state.1679666071
-rw-r--r-- 1 root root 26 Mar 24 08:54 diff.1679666071
-rw-r--r-- 1 root root 33 Mar 28 08:31 last-entry
-rw-r--r-- 1 root root 30 Mar 28 08:31 diff.1680010317
[root@server1]# cat diff.1680010317
3c3
< #testy
---
> #test 3-28

Any ideas?