1

I know this question has been asked several times, but the answers do not seem to work.

After installing OSSEC server on my Ubuntu Server 18.04 LTS machine, I've received hundreds of "Integrity Checksum Changed" alerts regarding files in the /usr/bin directory. The times these changes have occurred do not correlate with anything I have done myself or with any scheduled tasks.

I have tried the answer from this post, but unfortunately it doesn't work. The /etc/sysconfig directory does not exist, and the OSSEC webpage mentioned no longer exists.

Does anyone know how to fix this? I do not want to completely disable integrity checking as that would defeat the purpose of having OSSEC installed.

EDIT: I highly doubt my system has been hacked already. It's a home server and it's only been online for a few days.

0

You must log in to answer this question.

Browse other questions tagged .