I believe this is a false positive; check the contents of this file.

2006/8/8, Andrew Nelson <[EMAIL PROTECTED]>:

I've just installed ossec-hid and received the following message.

"""
OSSEC HIDS Notification.
2006 Aug 08 09:30:38

Received From: compdeandy->rootcheck
Rule: 14 fired (level 8) -> "Rootkit detection engine message"
Portion of the log(s):

File '/dev/.static/dev/null"' present on /dev. Possible hidden file.



--END OF NOTIFICATION



OSSEC HIDS Notification.
2006 Aug 08 09:30:38

Received From: compdeandy->rootcheck
Rule: 14 fired (level 8) -> "Rootkit detection engine message"
Portion of the log(s):

File '/dev/.static/dev/null0' present on /dev. Possible hidden file.



--END OF NOTIFICATION
"""

I've done some searching around and it appears that maybe this file
is installed by udev.  Does anyone know if this indicates an actual
rootkit or if this is a false positive?

//andy


--
No trees were killed in the sending of this message. However a large
number of electrons were terribly inconvenienced



--
Certified LPIC -1
http://www.underlinux.com.br

Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
