Hi Daniel,

I have compiled and executed ossec-rootcheck with these results:
[EMAIL PROTECTED] rootcheck-1.5]$ sudo ./ossec-rootcheck

** Starting Rootcheck v1.5 by Daniel B. Cid **
** http://www.ossec.net/en/about.html#dev-team **
** http://www.ossec.net/rootcheck/ **

Be patient, it may take a few minutes to complete...

[INFO]: Starting rootcheck scan.
[OK]: No presence of public rootkits detected. Analyzed 270 files.
[OK]: No binaries with any trojan detected. Analyzed 79 files.
[OK]: No problem detected on the /dev directory. Analyzed 267 files
[FAILED]: File '/usr/lib/vmware-vix/lib/vixwrapper-config.txt' is:
          - owned by root,
          - has written permissions to anyone.
[FAILED]: File '/usr/lib/vmware-vix/lib/ws-2/64bit/README.txt' is:
          - owned by root,
          - has written permissions to anyone.
[FAILED]: File '/usr/lib/vmware-vix/lib/ws-2/64bit/libvix.so' is:
          - owned by root,
          - has written permissions to anyone.
[FAILED]: File '/usr/lib/vmware-vix/lib/ws-5/64bit/README.txt' is:
          - owned by root,
          - has written permissions to anyone.
[FAILED]: File '/usr/lib/vmware-vix/lib/ws-5/64bit/libvix.so' is:
          - owned by root,
          - has written permissions to anyone.
[FAILED]: File '/usr/lib/vmware-vix/lib/libvixAllProducts.so' is:
          - owned by root,
          - has written permissions to anyone.
[FAILED]: File '/usr/lib/vmware-vix/lib/ws-3/64bit/README.txt' is:
          - owned by root,
          - has written permissions to anyone.
[FAILED]: File '/usr/lib/vmware-vix/lib/ws-3/64bit/libvix.so' is:
          - owned by root,
          - has written permissions to anyone.
[ERR]: Check the following files for more information:
       rootcheck-rw-rw-rw-.txt (list of world writable files)
       rootcheck-rwxrwxrwx.txt (list of world writtable/executable files)
       rootcheck-suid-files.txt (list of suid files)
[OK]: No hidden process by Kernel-level rootkits.
      /bin/ps is not trojaned. Analyzed 32768 processes.
[OK]: No kernel-level rootkit hiding any port.
      Netstat is acting correctly. Analyzed 131072 ports.
[OK]: The following ports are open:
      22 (tcp),25 (tcp),123 (udp)
[OK]: No problem detected on ifconfig/ifs. Analyzed 2 interfaces.

- Scan completed in 7 seconds.

[INFO]: Ending rootcheck scan.

No, my cpu never goes down ...

Daniel Cid wrote:
> Hi,
>
> Can you download rootcheck (it runs with syscheck on ossec) and run it
> manually? We fixed a few things on it, so that might be causing the issue.
>
> Get it from (even though it says 1.5, it is based on the 1.5.1 code)
> http://www.ossec.net/en/rootcheck.html
>
> *Note that very few things changed from 1.5 to 1.5.1, so could this
> problem be there before and you never noticed? Also, does the CPU go
> down after a while?
>
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
>
> On Sun, Jun 22, 2008 at 7:57 AM, carlopmart <[EMAIL PROTECTED]> wrote:
>> carlopmart wrote:
>>> Hi all,
>>>
>>> Today I have installed ossec 1.5.1. When syscheckd process starts
>>> consumes all free cpu usage (sometimes arrives to 99% or 100%)... Using
>>> ossec 1.5, syscheckd doesn't produce this type of problem ... How can I
>>> fix this??
>>>
>>> Many thanks.
>> Please, any hints??
>>
>> --
>> CL Martinez
>> carlopmart {at} gmail {d0t} com
>>
>

--
CL Martinez
carlopmart {at} gmail {d0t} com
