[ossec-list] ZK Rootkit

Steven Newson Tue, 08 Aug 2006 18:33:05 -0700

Hi,

I get the same result as Joe Barr - using SuSE 10.1:

Linux bigblue 2.6.16.21-0.13-default #1 Mon Jul 17 17:22:44 UTC 2006 x86_64 x86_64 x86_64 GNU/Linux

Gives me:

Received From: bigblue->rootcheck
Rule: 14 fired (level 8) -> "Rootkit detection engine message"
Portion of the log(s):

Rootkit 'ZK' detected by the presence of file '/etc/sysconfig/console/load.zk'.

Curiously, console is a file not a directory....

[ossec-list] ZK Rootkit

Reply via email to