Issue

• On server that runs a third-party monitoring service called 'Ossec' and when patches are applied, started getting lot of alerts as listed below. Why are these alerts getting generated?

OSSEC HIDS Notification.
2013 May 10 14:21:33
Received From: system3->syscheck
Rule: 552 fired (level 7) -> "Integrity checksum changed again (3rd time)."
Portion of the log(s):
Integrity checksum changed for: '/sbin/setfiles'
Old md5sum was: '044068d8fe17e58bf93fd2ec8c4a302d'
New md5sum is : '8b56b1aa2485d30cdfa97b8bfed09e52'
Old sha1sum was: '59a64da49555ad99259ef0477212bccef6907bfc'
New sha1sum is : '40e48a6e0c22e0c6f331b0358ff76144b68e22b1'
Received From: system3->syscheck
Rule: 552 fired (level 7) -> "Integrity checksum changed again (3rd time)."
Portion of the log(s):
Integrity checksum changed for: '/etc/alternatives/tcl-lib.i386'
Old md5sum was: '031203cd4b349712e5ea39aa1a228b73'
New md5sum is : 'a87b764e4b2a6fc6755012a1399e372d'
Old sha1sum was: '3e45a5ae62ccd490c09c8bbdf3a33416fa3037a5'
New sha1sum is : '21624d325c4d391501632e9c26694fde3ea0d75a'
Integrity checksum changed for: '/usr/bin/tclsh8.4.threads'
Old md5sum was: 'b8073d0d78c669b13871808d61926017'
New md5sum is : '9708f645c8e6be1eb823579985dc8915'
Old sha1sum was: '25ec4eaa7d2ebd60b2741d9033ef43a1631113cf'
New sha1sum is : '3bb257d9ad892e52fa1eab15033c6d7cdd3d8541'