
#126 On 17/12/2010, at 01:26

castor77

Re: OSSEC > NEW Intrusion detection + Rootcheck [solution]

Well, I have 1 zombie on a recurring basis; it goes away and then comes back.


"I know this music", The Fifth Element.

#127 On 20/12/2010, at 17:11

castor77

I'm back with a silly question: if I deliberately disconnect from the internet during a session, do I need to restart the Ossec loading script?

#128 On 28/12/2010, at 15:48

castor77

Here, I'm adding an important security question about multiple "Integrity checksum changed" alerts:

Is it serious, doctor?

I'm dual-booting and I have a double kernel-image on the boot screen.

The documentation I found on the internet gives me this:

http://www.mail-archive.com/ossec-list@ … 02974.html

http://www.ossec.net/wiki/Know_How:agentless_scripts

http://performance.izzop.com/book/export/html/144


** Alert 1293377446.262281: mail  - ossec,syscheck,

2010 Dec 26 16:30:46 lptp->syscheck

Rule: 550 (level 7) -> 'Integrity checksum changed.'

Src IP: (none)

User: (none)

Integrity checksum changed for: '/home/.ecryptfs/castor/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsr1Wv7E9QHU3tSv-p57KMRE--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsmpk7DI8-228Vv4lnG4XVSk--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsyogFfcUgdrye4R03Td4zLoDFseBae-zpS-NYTzbds3U-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKswqVVOv-Rzk5jIjUQD1QLOU--/ECRYPTFS_FNEK_ENCRYPTED.FYZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKs0sa2FH9X0CrPrHAyDWTsFs1QCZd1-MS8Iu6reMxszF3hpmR7Zi1lTExdnCtnLGhI/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsNBU1vWWuoxVArK4p7Ag-B---/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsJOkL2UUvWMHpy--2PICcvE--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsRZjMpmV0'

Size changed from '16384' to '77824'

Old md5sum was: '81144db64419e7a9db27278615b56b82'

New md5sum is : '99b0ece6c8fc2cf8d0a057cfbc29357e'

Old sha1sum was: '185cb484a9832d599eeb2cc214da6acca8fb3389'

New sha1sum is : 'ec26d78c020065fb12479f357eee4a77f610f0c6'





** Alert 1293377620.263502: mail  - ossec,syscheck,

2010 Dec 26 16:33:40 lptp->syscheck

Rule: 550 (level 7) -> 'Integrity checksum changed.'

Src IP: (none)

User: (none)

Integrity checksum changed for: '/home/.ecryptfs/castor/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKs.mfk36IEUu3BQpjZz.KzMU--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsM1MR.zQz.LMEkYuznA7OjE--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKs6lmMEdbKtXn6JVGvhPNhJk--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsS23LOAKoZUXmpCm8GX7cPE--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsQbPSNQR5VIMK3iLG5KZqKRSBzYabB0RsGFrp55vOkco-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsxy.7mL1q-w22xI82Yzjldk--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsZYTE6bqUi.pLH0Mrmfvpm16Q6x.b1eYAYrMpOaVtxaM-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsHdnrbldE8Dw75NRHRIi8O---/ECR'

Old md5sum was: 'c57af60204f9beaac8684883afbe2e50'

New md5sum is : '631df8130a913d3fd983e06abd0df546'

Old sha1sum was: 'be3b643a72066cc5a80e62a14e3887ffe73e6102'

New sha1sum is : '20308e6ebc5c5c0397bee354df9a2d1acf116c59'





** Alert 1293377624.264686: mail  - ossec,syscheck,

2010 Dec 26 16:33:44 lptp->syscheck

Rule: 550 (level 7) -> 'Integrity checksum changed.'

Src IP: (none)

User: (none)

Integrity checksum changed for: '/home/.ecryptfs/castor/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKs.mfk36IEUu3BQpjZz.KzMU--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsM1MR.zQz.LMEkYuznA7OjE--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKs6lmMEdbKtXn6JVGvhPNhJk--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsS23LOAKoZUXmpCm8GX7cPE--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsQbPSNQR5VIMK3iLG5KZqKNJVooyU8DF87s8J.uVUYlM-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsxy.7mL1q-w22xI82Yzjldk--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsZYTE6bqUi.pLH0Mrmfvpm16Q6x.b1eYAYrMpOaVtxaM-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsHdnrbldE8Dw75NRHRIi8O---/ECR'

Old md5sum was: '9975bbaf3a6c3fa75e4e68d3334d0f56'

New md5sum is : '6e4bcbfdcb7483ab5fec4136ce33c70d'

Old sha1sum was: '206e54e07dfdc79eb6c46e93f6e038cd2529f696'

New sha1sum is : '58ee6da95787bc55725dae51fbbb0da85c856f91'



** Alert 1293382656.278570: mail  - ossec,syscheck,

2010 Dec 26 17:57:36 lptp->syscheck

Rule: 551 (level 7) -> 'Integrity checksum changed again (2nd time).'

Src IP: (none)

User: (none)

Integrity checksum changed for: '/home/.ecryptfs/castor/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsr1Wv7E9QHU3tSv-p57KMRE--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsmpk7DI8-228Vv4lnG4XVSk--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsyogFfcUgdrye4R03Td4zLoDFseBae-zpS-NYTzbds3U-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKswqVVOv-Rzk5jIjUQD1QLOU--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsY6z8SCAD4ut4YTihjKEhCwlxCaqO7gOi36wPuZCA.po-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsNBU1vWWuoxVArK4p7Ag-B---/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsctG9-EZ.-IaOR8gTSKjq1E--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsHKspeaU0kAQ9CzR2jokqlE--/ECR'

Size changed from '16384' to '12288'

Old md5sum was: 'b23aa99725f100d7b5ff91a8c71f6897'

New md5sum is : '2491a78afb70bb578dd15df7a7ff0d3f'

Old sha1sum was: '49a13cf2448b756350e0aa2c889392d2c5c62bf1'

New sha1sum is : 'd755c04d00663a2579b6b30ca22a10c38786d85d'





** Alert 1293382656.279808: mail  - ossec,syscheck,

2010 Dec 26 17:57:36 lptp->syscheck

Rule: 552 (level 7) -> 'Integrity checksum changed again (3rd time).'

Src IP: (none)

User: (none)

Integrity checksum changed for: '/home/.ecryptfs/castor/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsr1Wv7E9QHU3tSv-p57KMRE--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsmpk7DI8-228Vv4lnG4XVSk--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsyogFfcUgdrye4R03Td4zLoDFseBae-zpS-NYTzbds3U-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKswqVVOv-Rzk5jIjUQD1QLOU--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsY6z8SCAD4ut4YTihjKEhCwlxCaqO7gOi36wPuZCA.po-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsNBU1vWWuoxVArK4p7Ag-B---/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsctG9-EZ.-IaOR8gTSKjq1E--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsHKspeaU0kAQ9CzR2jokqlE--/ECR'

Size changed from '12288' to '16384'

Old md5sum was: '2491a78afb70bb578dd15df7a7ff0d3f'

New md5sum is : '1c391f6fbb1e934018a2dcbb3dbbe59a'

Old sha1sum was: 'd755c04d00663a2579b6b30ca22a10c38786d85d'

New sha1sum is : '98d515c354d6580954881f7a370135c5b0b4c7bf'





** Alert 1293382658.281046: mail  - ossec,syscheck,

2010 Dec 26 17:57:38 lptp->syscheck

Rule: 550 (level 7) -> 'Integrity checksum changed.'

Src IP: (none)

User: (none)

Integrity checksum changed for: '/home/.ecryptfs/castor/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsr1Wv7E9QHU3tSv-p57KMRE--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsmpk7DI8-228Vv4lnG4XVSk--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsyogFfcUgdrye4R03Td4zLoDFseBae-zpS-NYTzbds3U-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKswqVVOv-Rzk5jIjUQD1QLOU--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsY6z8SCAD4ut4YTihjKEhCwlxCaqO7gOi36wPuZCA.po-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsNBU1vWWuoxVArK4p7Ag-B---/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsctG9-EZ.-IaOR8gTSKjq1E--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsHKspeaU0kAQ9CzR2jokqlE--/ECR'

Size changed from '16384' to '12288'

Old md5sum was: 'ebd999fa92ef7e0b2a12c3abd7514d0c'

New md5sum is : '90a745c234057d705e1763bec3705005'

Old sha1sum was: 'fa63cd4713803591d76c98dc5f0ba8fdd9db773d'

New sha1sum is : '3d8e8938feb30c34ee5c8e684eec5d9bdbdc62a2'





** Alert 1293382658.282267: mail  - ossec,syscheck,

2010 Dec 26 17:57:38 lptp->syscheck

Rule: 551 (level 7) -> 'Integrity checksum changed again (2nd time).'

Src IP: (none)

User: (none)

Integrity checksum changed for: '/home/.ecryptfs/castor/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsr1Wv7E9QHU3tSv-p57KMRE--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsmpk7DI8-228Vv4lnG4XVSk--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsyogFfcUgdrye4R03Td4zLoDFseBae-zpS-NYTzbds3U-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKswqVVOv-Rzk5jIjUQD1QLOU--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsY6z8SCAD4ut4YTihjKEhCwlxCaqO7gOi36wPuZCA.po-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsNBU1vWWuoxVArK4p7Ag-B---/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsctG9-EZ.-IaOR8gTSKjq1E--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsHKspeaU0kAQ9CzR2jokqlE--/ECR'

Old md5sum was: '90a745c234057d705e1763bec3705005'

New md5sum is : '5f8ea9a001b3ea2e0d7473ae0588ee0e'

Old sha1sum was: '3d8e8938feb30c34ee5c8e684eec5d9bdbdc62a2'

New sha1sum is : '86d70ccaa63f160e17f57469a73d6aae8940a490'





** Alert 1293382658.283468: mail  - ossec,syscheck,

2010 Dec 26 17:57:38 lptp->syscheck

Rule: 552 (level 7) -> 'Integrity checksum changed again (3rd time).'

Src IP: (none)

User: (none)

Integrity checksum changed for: '/home/.ecryptfs/castor/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsr1Wv7E9QHU3tSv-p57KMRE--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsmpk7DI8-228Vv4lnG4XVSk--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsyogFfcUgdrye4R03Td4zLoDFseBae-zpS-NYTzbds3U-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKswqVVOv-Rzk5jIjUQD1QLOU--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsY6z8SCAD4ut4YTihjKEhCwlxCaqO7gOi36wPuZCA.po-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsNBU1vWWuoxVArK4p7Ag-B---/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsctG9-EZ.-IaOR8gTSKjq1E--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsHKspeaU0kAQ9CzR2jokqlE--/ECR'

Size changed from '12288' to '24576'

Old md5sum was: '5f8ea9a001b3ea2e0d7473ae0588ee0e'

New md5sum is : 'a4422bf6efeafedc98b73ef83834b6cb'

Old sha1sum was: '86d70ccaa63f160e17f57469a73d6aae8940a490'

New sha1sum is : '34f1d95efc347c8f70f669fde61155d62f00d537'





** Alert 1293382660.284706: mail  - ossec,syscheck,

2010 Dec 26 17:57:40 lptp->syscheck

Rule: 550 (level 7) -> 'Integrity checksum changed.'

Src IP: (none)

User: (none)

Integrity checksum changed for: '/home/.ecryptfs/castor/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsr1Wv7E9QHU3tSv-p57KMRE--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsmpk7DI8-228Vv4lnG4XVSk--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsyogFfcUgdrye4R03Td4zLoDFseBae-zpS-NYTzbds3U-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKswqVVOv-Rzk5jIjUQD1QLOU--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsY6z8SCAD4ut4YTihjKEhCwlxCaqO7gOi36wPuZCA.po-/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsNBU1vWWuoxVArK4p7Ag-B---/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsSIH0Rsbo6FqEojFxJ2eaZ---/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKs5ZV18wmt6PuhliG1ojqk.E--/ECR'

Size changed from '16384' to '12288'

Old md5sum was: '2c8987d643baa4bb1de4f92632623756'

New md5sum is : '14b8d9b03e171b96fa3b6d7496b2bb9c'

Old sha1sum was: 'b6a1e7a71ec2e042618808cfead12844b472967d'

New sha1sum is : '5682f7c60e85af9ea2cd840d9486a1010abfd9b3'



** Alert 1293393156.326901: mail  - ossec,syscheck,

2010 Dec 26 20:52:36 lptp->syscheck

Rule: 550 (level 7) -> 'Integrity checksum changed.'

Src IP: (none)

User: (none)

Integrity checksum changed for: '/home/.ecryptfs/castor/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsSc9kDaE5U8LB1j2hqAl8bE--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsg2kL3IpeF1zH3SVeF3kNxE--/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsUYCR0GU7A9CMESbKj-.usk--'

Old md5sum was: '0147f3bbf08019d6a292be9fd79a41f5'

New md5sum is : 'c1ee263dfea568346b4e52d348f5bb60'

Old sha1sum was: '325c24c9933b99c1b63c1bafe0159518891ba503'

New sha1sum is : '6a7e8152460c7a59353dd5f35b2a305d3c5d1765'





** Alert 1293393158.327616: mail  - ossec,syscheck,

2010 Dec 26 20:52:38 lptp->syscheck

Rule: 550 (level 7) -> 'Integrity checksum changed.'

Src IP: (none)

User: (none)

Integrity checksum changed for: '/home/.ecryptfs/castor/.Private/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsGYVFsCjBRkFacY4gzxVvPrbvYGULyPAEbelrwodcU36-'

Old md5sum was: '594f04e03686e4e269203d0f455e089b'

New md5sum is : '8f3a05c4b4920ce5db351d23c814c5b5'

Old sha1sum was: '4227a94321126104ce0f2885f9a83d850ec12c82'

New sha1sum is : '6b84deabae3e25ba2fa71377246cc675144243fd'





** Alert 1293393176.328181: mail  - ossec,syscheck,

2010 Dec 26 20:52:56 lptp->syscheck

Rule: 550 (level 7) -> 'Integrity checksum changed.'

Src IP: (none)

User: (none)

Integrity checksum changed for: '/home/.ecryptfs/castor/.Private/ECRYPTFS_FNEK_ENCRYPTED.FWZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsQ1mU6r-Yx98l1z7Mms26Bk--/ECRYPTFS_FNEK_ENCRYPTED.FXZgFy-b-5lheUSMLrW97Cvp8.OWVWRbOTKsS6hWg-zTAvektx6iR40mUwtLuGnePkqO6qTer3EG6Js-'

Size changed from '299008' to '614400'

Old md5sum was: '428e5a9a46cd9e899152d04d0a308fc3'

New md5sum is : '920a5a250d35be22e582173ac624efdc'

Old sha1sum was: '8764ef6894530ff23b347e32541c7fdbf19f8113'

New sha1sum is : '6a4e2594b13c37da1423a75fbf28650e045dfe19'

Last edited by castor77 (28/12/2010, at 15:49)
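For triaging a batch of syscheck alerts like the one in post #128, an added example (not from the thread or from OSSEC itself): it parses alert blocks in the layout quoted above and separates paths under the eCryptfs lower directory /home/.ecryptfs/<user>/.Private/, where the encrypted copies of a user's home files live and change whenever that user writes a file, from every other path. The sample log and the names parse_syscheck and triage are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the alerts.log layout quoted in the post; the paths
# and timestamps are made up and the checksum lines are left out.
SAMPLE = """\
** Alert 1300000000.1000: mail  - ossec,syscheck,
2011 Mar 13 07:06:40 host->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/home/.ecryptfs/user/.Private/ECRYPTFS_FNEK_ENCRYPTED.aaaa'
Size changed from '16384' to '77824'

** Alert 1300000002.2000: mail  - ossec,syscheck,
2011 Mar 13 07:06:42 host->syscheck
Rule: 551 (level 7) -> 'Integrity checksum changed again (2nd time).'
Integrity checksum changed for: '/home/.ecryptfs/user/.Private/ECRYPTFS_FNEK_ENCRYPTED.aaaa'

** Alert 1300000009.3000: mail  - ossec,syscheck,
2011 Mar 13 07:06:49 host->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/hosts'
"""

RULE = re.compile(r"^Rule: (\d+) \(level (\d+)\)", re.M)
PATH = re.compile(r"^Integrity checksum changed for: '(.*)'\s*$", re.M)
SIZE = re.compile(r"^Size changed from '(\d+)' to '(\d+)'", re.M)
# Lower (encrypted) directory of an eCryptfs home, as in the post's paths.
ECRYPTFS_LOWER = re.compile(r"^/home/\.ecryptfs/[^/]+/\.Private/")

def parse_syscheck(text):
    """Yield one dict per syscheck change alert found in alerts.log text."""
    for block in re.split(r"^\*\* Alert ", text, flags=re.M)[1:]:
        rule, path = RULE.search(block), PATH.search(block)
        if not (rule and path):
            continue  # not a checksum-change alert, or a cut-off block
        size = SIZE.search(block)
        yield {"rule": int(rule.group(1)), "level": int(rule.group(2)),
               "path": path.group(1),
               "size": tuple(map(int, size.groups())) if size else None}

def triage(text):
    """Count alerts per bucket and list the paths outside the eCryptfs store."""
    counts, review = Counter(), []
    for a in parse_syscheck(text):
        if ECRYPTFS_LOWER.match(a["path"]):
            counts["ecryptfs_lower"] += 1
        else:
            counts["other"] += 1
            review.append((a["rule"], a["path"]))
    return dict(counts), review
```

Paths that land in the first bucket can be excluded with an <ignore> entry in the <syscheck> section of ossec.conf; the second list is what deserves a closer look.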

#129 On 22/06/2011, at 13:06

castor77

Mary Poppy,

I still use Ossec, but I've noticed that the level 7 to 13 alerts have decreased, I no longer got any at all, and then for the past week it's the daily level 2 and 3 alerts that no longer appear.

Could the alerts be getting diverted, or could my configuration even have been taken over by other hands?

#130 On 25/06/2011, at 17:39

castor77

All it took was mentioning it for it to be resolved...?

#131 On 26/06/2011, at 23:10

MaryPopy

Hello,

Sorry, I don't know this program any better than that. Maybe you'll find an answer on their site. I no longer have a server and am not currently using OSSEC anymore. Sorry.

#132 On 27/06/2011, at 03:13

castor77

Thanks for your reply.

Your install tutorial was so professional... and it remains a great memory of efficiency and precision.

#133 On 14/07/2011, at 12:05

MaryPopy

Actually, I struggled so much to tame Linux as quickly as possible, because of the lack of detail for novices, that everything I say here I explain in as much detail as possible. Then I more or less dropped using OSSEC, because at the moment my use of Linux is very ordinary. I sometimes update my unofficial UBUNTU version. La Boîte à Outils, in my signature.

Thank you for pointing out the quality of the tutorial. I hope it will motivate other volunteers on the site to always make an effort to give thorough detail.

See you soon.