Tommy May wrote:
This might not be the most efficient way, but the only way I know of right now
is to download the latest snapshot:
http://www.ossec.net/files/snapshots/ (Thanks Daniel for this info the other
day)
and either run the install script or expand it and copy the source directory
files:
src/rootcheck/db/rootkit_files.txt
to the following:
var/ossec/etc/shared/rootkit_files.txt
and perform /etc/init.d/ossec restart
Be sure that the following entry is in ossec.conf, of course:
<rootcheck>
<rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
</rootcheck>
Hope this helps... if anyone sees any errors in what I have conveyed, please
correct me.
Tommy
-------------- Original message ----------------------
From: neill lillywhite <[EMAIL PROTECTED]>
Hi,
Just a quick question:
how do you update the rootkit signatures?
neill
Thanks Tommy,
I am away from the server tonight but will try this ASAP and give feedback.
Thanks,
neill
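
The update steps from Tommy's message, written as a shell function. This is an added example, not part of the original thread; it assumes the snapshot has already been expanded, that OSSEC uses the default /var/ossec layout with ossec.conf under etc/, and the function name and return codes are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a default /var/ossec install
# layout (ossec.conf in etc/) and an already-expanded snapshot directory.

# update_rootkit_files SNAPSHOT_DIR [OSSEC_DIR]
# Returns 0 = new file installed, 1 = already current, 2 = error.
update_rootkit_files() {
    src="$1/src/rootcheck/db/rootkit_files.txt"
    ossec_dir="${2:-/var/ossec}"
    dst="$ossec_dir/etc/shared/rootkit_files.txt"
    conf="$ossec_dir/etc/ossec.conf"

    # Never replace the signature list with a missing or empty file.
    if [ ! -s "$src" ]; then
        echo "missing or empty: $src" >&2
        return 2
    fi

    # rootcheck only reads the file if ossec.conf points at it.
    if ! grep -qF "<rootkit_files>$dst</rootkit_files>" "$conf" 2>/dev/null; then
        echo "no <rootkit_files> entry for $dst in $conf" >&2
        return 2
    fi

    # Nothing to do (and no restart needed) when the content is identical.
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        return 1
    fi

    # Keep the previous list so a bad snapshot can be rolled back.
    if [ -f "$dst" ]; then
        cp -p "$dst" "$dst.bak" || return 2
    fi

    # Copy to a temporary name, then rename, so rootcheck never sees a partial file.
    cp "$src" "$dst.new" && mv "$dst.new" "$dst" || return 2
    return 0
}

# Typical use on the server, restarting only when the list changed:
#   update_rootkit_files /path/to/expanded-snapshot && /etc/init.d/ossec restart
```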