I installed OSSSEC to very files have chnaged or not. But sometimes it is giving me false waring and integrity checksums like following files have chnaged.
How can i makesure that files are chnaged system not by virus itslef. It is very confusing. It may be the case that file was actually chnaged by virus and i just ignored it
It get the following from OSSSEC logs
Integrity checksum changed for: '/etc/passwd,v'
Integrity checksum changed for: '/etc/userdomains'
Integrity checksum changed for: '/etc/shadow.cache'
Integrity checksum changed for: '/etc/domainusers'
Integrity checksum changed for: '/etc/userplans,v
Integrity checksum changed for: '/etc/trueuserdomains'
Integrity checksum changed for: '/etc/proftpd/passwd.vhosts.cache