[ossec-list] ZK Rootkit

[Joe Barr]

Has anyone seen false positives on a ZK Rootkit alert referring
to /etc/sysconfig/console/load.zk?  I've gotten it twice on a brand new
installation, with nothing having been done other than to install
OSSEC-HIDS.