I've just installed ossec-hid and received the following message.

"""
OSSEC HIDS Notification.
2006 Aug 08 09:30:38

Received From: compdeandy->rootcheck
Rule: 14 fired (level 8) -> "Rootkit detection engine message"
Portion of the log(s):

File '/dev/.static/dev/null"' present on /dev. Possible hidden file.

--END OF NOTIFICATION

OSSEC HIDS Notification.
2006 Aug 08 09:30:38

Received From: compdeandy->rootcheck
Rule: 14 fired (level 8) -> "Rootkit detection engine message"
Portion of the log(s):

File '/dev/.static/dev/null0' present on /dev. Possible hidden file.

--END OF NOTIFICATION
"""

I've done some searching around and it appears that maybe this file is installed by udev. Does anyone know if this indicates an actual rootkit or if this is a false positive?

//andy

--
No trees were killed in the sending of this message. However a large number of electrons were terribly inconvenienced
