neill lillywhite wrote:
Tommy May wrote:
This might not be the most efficient way, but the only way I know of
right now is to download the latest snapshot:
http://www.ossec.net/files/snapshots/ (Thanks Daniel for this info
the other day)
and either run the install script or expand it and copy the source
directory files:
src/rootcheck/db/rootkit_files.txt
to the following:
var/ossec/etc/shared/rootkit_files.txt
and perform /etc/init.d/ossec restart
Be sure that the following entry is in ossec.conf, of course:
<rootcheck>
  <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
</rootcheck>
Hope this helps... if anyone sees any errors in what I have conveyed,
please correct me.
Tommy
-------------- Original message ----------------------
From: neill lillywhite <[EMAIL PROTECTED]>
Hi,
Just a quick question:
How do you update the rootkit signatures?
neill
Thanks, Tommy.
Am away from the server tonight but will try this ASAP and feed back.
Thanks
neill
I've had a chance to try it now and it works great.
Thanks again
neill
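
The update steps described in this thread, scripted with a backup of the old file and a check that ossec.conf really points at the file being replaced. This is an added example, not part of the thread or of OSSEC itself. It assumes the snapshot is already downloaded and extracted and that ossec.conf sits at etc/ossec.conf under the install root; the function name and return codes are hypothetical.

```shell
#!/bin/sh
# Added example: refresh rootcheck's rootkit_files.txt from an extracted snapshot.

# update_rootkit_sigs SNAPSHOT_DIR OSSEC_ROOT   (hypothetical helper)
# Returns: 0 = file replaced (restart needed), 3 = already current,
#          1 = source missing/empty or copy failed, 2 = ossec.conf lacks the entry.
update_rootkit_sigs() {
    snap=$1
    root=$2
    src="$snap/src/rootcheck/db/rootkit_files.txt"
    dst="$root/etc/shared/rootkit_files.txt"
    conf="$root/etc/ossec.conf"   # assumed location of ossec.conf

    # Refuse to install a missing or empty signature file.
    if [ ! -s "$src" ]; then
        echo "missing or empty: $src" >&2
        return 1
    fi

    # Copying is pointless unless <rootkit_files> names the destination file.
    if ! grep -qF "<rootkit_files>$dst</rootkit_files>" "$conf" 2>/dev/null; then
        echo "no <rootkit_files> entry for $dst in $conf" >&2
        return 2
    fi

    # Nothing to do if the installed copy already matches the snapshot.
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        return 3
    fi

    # Keep the previous signatures so the change can be rolled back.
    if [ -f "$dst" ]; then
        cp -p "$dst" "$dst.bak" || return 1
    fi
    # Overwriting the existing file in place keeps its owner and mode.
    cp "$src" "$dst" || return 1
    return 0
}

# Runs only when both arguments are given, e.g.:
#   sh update_sigs.sh /path/to/extracted-snapshot /var/ossec
if [ "$#" -ge 2 ]; then
    if update_rootkit_sigs "$1" "$2"; then
        /etc/init.d/ossec restart
    fi
fi
```

The restart is issued only when the file actually changed, so running the script repeatedly against the same snapshot leaves the service alone.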