On Wed, Apr 04, 2007 at 11:49:03AM +0200, Sebastian Esch wrote:
hi all! I just set up an new virtuozzo virtual server with debian3.1 and plesk 8.1.1. since i used ossec before i installed the new version including the wui. 2 problems: 1. I get messages saying: Received From: xxxxxxxxxxx->rootcheck Rule: 14 fired (level 8) -> "Rootkit detection engine message" Portion of the log(s): Process 'xxxxx' hidden from /proc. Possible kernel level rootkit. serveral times
I am running openvz and getting the same problem, however from /proc on the hardware node but from the /proc of the VPS (for example /var/vz/2001/root/proc). I got rid of it by moving the vps to /opt. HTH, Thanh
