The USN-3717-1: PolicyKit vulnerabilities are fixed automatically and installed on SecureDrop production instances. I received the following OSSEC alerts, on both mon and app.
OSSEC HIDS Notification. 2018 Jul 17 04:14:17 Received From: mon->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/usr/bin/pkttyagent' Size changed from '10624' to '14720' Old md5sum was: 'cbf1a333c087cc4fdeac75ee9d308ed7' New md5sum is : '979d4c06838a4b85fd2bbc6a710d0bbd' Old sha1sum was: 'b377455e6c19baf1f36c028f44cf84bda45f10f1' New sha1sum is : 'f1d24d7c375e1d409e93989bd23e11a52938058f' --END OF NOTIFICATION OSSEC HIDS Notification. 2018 Jul 17 04:14:17 Received From: mon->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/usr/bin/pkaction' Old md5sum was: '829573442562e6a7a0f73941e62596da' New md5sum is : '7b3aac3777d436d704b3f04fd5627e3f' Old sha1sum was: 'e56170204bd82193e7ccec83d1a63e5f7374f70f' New sha1sum is : '088d2cb843e97e87cb82ef630ff511f8bb620dd5' --END OF NOTIFICATION OSSEC HIDS Notification. 2018 Jul 17 04:14:17 Received From: mon->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/usr/bin/pkcheck' Old md5sum was: 'beec5734f8aaf85137238a741af1d4de' New md5sum is : 'f77a5499da776bb7f1983a7c05e2f063' Old sha1sum was: 'f07543d1d4b56b0cd07d1f3187f85f5a240c5fcd' New sha1sum is : 'c98f59f3e9cc986d828feffe5f12dca35976fd1c' --END OF NOTIFICATION OSSEC HIDS Notification. 2018 Jul 17 04:14:17 Received From: mon->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/usr/bin/pkttyagent' Size changed from '10624' to '14720' Old md5sum was: 'cbf1a333c087cc4fdeac75ee9d308ed7' New md5sum is : '979d4c06838a4b85fd2bbc6a710d0bbd' Old sha1sum was: 'b377455e6c19baf1f36c028f44cf84bda45f10f1' New sha1sum is : 'f1d24d7c375e1d409e93989bd23e11a52938058f' --END OF NOTIFICATION OSSEC HIDS Notification. 2018 Jul 17 04:14:17 Received From: mon->syscheck Rule: 550 fired (level 7) -> "Integrity checksum changed." Portion of the log(s): Integrity checksum changed for: '/usr/bin/pkexec' Permissions changed from 'rwsr-xr-x' to 'rwxr-xr-x' Old md5sum was: '0c4923d808eaf0e68cce810d7404255c' New md5sum is : '8913cc8cad1dfcd1e605e5afdb2ab4f8' Old sha1sum was: 'c81139a22efca4c4bee11ad4782412b5e786c9a9' New sha1sum is : 'bbf49b9c24405bc4135f73b060486180f4e59b13' --END OF NOTIFICATION OSSEC HIDS Notification. 2018 Jul 17 04:14:19 Received From: mon->/var/log/dpkg.log Rule: 2902 fired (level 7) -> "New dpkg (Debian Package) installed." Portion of the log(s): 2018-07-17 04:14:18 status installed man-db:amd64 2.6.7.1-1ubuntu1 --END OF NOTIFICATION OSSEC HIDS Notification. 2018 Jul 17 04:14:19 Received From: mon->/var/log/dpkg.log Rule: 2902 fired (level 7) -> "New dpkg (Debian Package) installed." Portion of the log(s): 2018-07-17 04:14:19 status installed libpolkit-gobject-1-0:amd64 0.105-4ubuntu3.14.04.2 --END OF NOTIFICATION OSSEC HIDS Notification. 2018 Jul 17 04:14:19 Received From: mon->/var/log/dpkg.log Rule: 2902 fired (level 7) -> "New dpkg (Debian Package) installed." Portion of the log(s): 2018-07-17 04:14:19 status installed libpolkit-agent-1-0:amd64 0.105-4ubuntu3.14.04.2 --END OF NOTIFICATION OSSEC HIDS Notification. 2018 Jul 17 04:14:20 Received From: mon->syscheck Rule: 551 fired (level 7) -> "Integrity checksum changed again (2nd time)." Portion of the log(s): Integrity checksum changed for: '/usr/bin/pkexec' Permissions changed from 'rwxr-xr-x' to 'rwsr-xr-x' --END OF NOTIFICATION