File appears empty. Thanks
On 8/8/06, Rafael Capovilla <[EMAIL PROTECTED]> wrote:
I believe this is a false-positive, check the contents of this file 2006/8/8, Andrew Nelson <[EMAIL PROTECTED]>: > > I've just installed ossec-hid and recieved the following message. > > """ > OSSEC HIDS Notification. > 2006 Aug 08 09:30:38 > > Received From: compdeandy->rootcheck > Rule: 14 fired (level 8) -> "Rootkit detection engine message" > Portion of the log(s): > > File '/dev/.static/dev/null"' present on /dev. Possible hidden file. > > > > --END OF NOTIFICATION > > > > OSSEC HIDS Notification. > 2006 Aug 08 09:30:38 > > Received From: compdeandy->rootcheck > Rule: 14 fired (level 8) -> "Rootkit detection engine message" > Portion of the log(s): > > File '/dev/.static/dev/null0' present on /dev. Possible hidden file. > > > > --END OF NOTIFICATION > """ > > I've done some searching around and it appears that maybe this file > installed by udev. Does anyone know if this indicates an actual > rootkit or if this is a false positive? > > //andy > > > -- > No trees were killed in the sending of this message. However a large > number of electrons were terribly inconvenienced > -- Certified LPIC -1 http://www.underlinux.com.br Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
-- No trees were killed in the sending of this message. However a large number of electrons were terribly inconvenienced
