I just upgraded my debian system from dpkg.log ... 2008-03-29 08:58:50 status half-configured hdparm 8.6-1 2008-03-29 08:58:51 status installed hdparm 8.6-1
then had this alert - Im assuming this is a false postive due to the new version. OSSEC HIDS Notification. 2008 Mar 29 23:19:03 Received From: thecla2->rootcheck Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)." Portion of the log(s): Trojaned version of file '/sbin/hdparm' detected. Signature used: 'bash|/dev/ida|/dev/' (Generic). --END OF NOTIFICATION -- regards Martin West 07879 680096
