This might not be the most efficient way, but the only way I know of right now is to download the latest snapshot:
http://www.ossec.net/files/snapshots/ (Thanks Daniel for this info the other day)

and either run the install script or expand it and copy the source directory files:

    src/rootcheck/db/rootkit_files.txt

to the following:

    var/ossec/etc/shared/rootkit_files.txt

and perform

    /etc/init.d/ossec restart

Be sure that the following entry is in ossec.conf, of course:

    <rootcheck>
      <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    </rootcheck>

Hope this helps... if anyone sees any errors in what I have conveyed, please correct me.

Tommy

-------------- Original message ----------------------
From: neill lillywhite <[EMAIL PROTECTED]>
>
> hi
>
> just a quick question
>
> how do you update the rootkit signatures ??
>
> neill
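
The copy step described in the message above, written as a shell function. This is an added example, not part of the original post or of OSSEC. It assumes ossec.conf sits under etc/ in the install directory; the function name, return codes and the snapshot directory name in the usage comment are made up for illustration.

```shell
#!/bin/sh
# update_rootkit_db SRC_TREE OSSEC_DIR   (hypothetical helper)
#   SRC_TREE  - expanded snapshot directory containing src/rootcheck/db/
#   OSSEC_DIR - install directory (/var/ossec in the message)
# Returns 0 if the file was replaced, 1 if it was already current, 2 on error.
# Usage (directory name is a placeholder):
#   update_rootkit_db ./ossec-snapshot /var/ossec && /etc/init.d/ossec restart
update_rootkit_db() {
    src="$1/src/rootcheck/db/rootkit_files.txt"
    dst="$2/etc/shared/rootkit_files.txt"
    conf="$2/etc/ossec.conf"   # assumed location of ossec.conf

    # Refuse to install a missing or empty signature file.
    if [ ! -s "$src" ]; then
        echo "missing or empty: $src" >&2
        return 2
    fi

    # rootcheck only reads the new file if ossec.conf points at it.
    if ! grep -qF "<rootkit_files>$dst</rootkit_files>" "$conf" 2>/dev/null; then
        echo "no <rootkit_files> entry for $dst in $conf" >&2
        return 2
    fi

    # Nothing to do (and no restart needed) when the copy is identical.
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        return 1
    fi

    # Keep the previous signatures so a bad snapshot can be rolled back.
    if [ -f "$dst" ]; then
        cp -p "$dst" "$dst.bak" || return 2
    fi

    # Write beside the target and rename, so rootcheck never reads a
    # half-copied file.
    cp "$src" "$dst.new" && mv "$dst.new" "$dst" || return 2
    return 0
}
```

Because the function returns non-zero when nothing changed, chaining the restart with `&&` restarts OSSEC only after the signature file was actually replaced.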
