Hi Daniel,
I just tried the tip version.
Compiling and updating was ok, but when I start:
/var/ossec/bin/agent_control -r -a
2012/04/28 07:39:58 agent_control(1210): ERROR: Queue '/queue/alerts/ar'
not accessible: 'Queue not found'.
2012/04/28 07:40:13 agent_control(1301): ERROR: Unable to
-list@googlegroups.com
Subject: [ossec-list] Suckit rootkit
Hi List,
on my opensuse 12.1 I found:
Trojaned version of file '/sbin/init' detected. Signature used: 'HOME'
(Suckit rootkit).
I hope this is a false positive, isn't it?
And some alerts like this:
File '/dev/.sysconfig/network
What version of OSSEC?
Does the md5 or sha for /sbin/init match what it should?
On Sun, Apr 22, 2012 at 8:41 AM, Mike Sievers
saturnge...@googlemail.com wrote:
Hi List,
on my opensuse 12.1 I found:
Trojaned version of file '/sbin/init' detected. Signature used: 'HOME'
(Suckit rootkit).
I
Hi List,
on my opensuse 12.1 I found:
Trojaned version of file '/sbin/init' detected. Signature used: 'HOME'
(Suckit rootkit).
I hope this is a false positive, isn't it?
And some alerts like this:
File '/dev/.sysconfig/network/config-lo' present on /dev. Possible hidden
file.
???
@googlegroups.com
Subject: [ossec-list] Suckit rootkit
Hi List,
on my opensuse 12.1 I found:
Trojaned version of file '/sbin/init' detected. Signature used: 'HOME'
(Suckit rootkit).
I hope this is a false positive, isn't it?
And some alerts like this:
File '/dev/.sysconfig/network/config-lo' present