Hi Peter,

For this version you can't do much because the configuration for rootcheck is not very granular and you can't disable each module separately. I will try to add something for the next release...

*btw, if anyone is interested to help in the development, just contact me privately... Me and Ahmet have been very busy (yes, a lot of features coming) and a help would .. help :)

Thanks,

--
Daniel B. Cid
dcid @ ( at ) ossec.net

On 6/13/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Hi everybody,
>
> I'm receiving lots of messages from the rootkit engine:
>
> -------------------
> Received From: (em) 1.2.3.4->rootcheck
> Rule: 14 fired (level 8) -> "Rootkit detection engine message'"
> Portion of the log(s):
>
> Port '49277'(tcp) hidden. Kernel-level rootkit or trojaned version of
> netstat.
> -------------------
>
> The warning is correct because the machine is running several vservers
> (http://linux-vserver.org/), so there are hidden ports and/or processes.
>
> Is there anything I can do besides switching rootkit detection off?
>
> Thanks Peter
