Please, any hints about this??
carlopmart wrote:
> Hi Daniel,
>
> I have compiled and executed ossec-rootcheck with these results:
>
> [EMAIL PROTECTED] rootcheck-1.5]$ sudo ./ossec-rootcheck
>
> ** Starting Rootcheck v1.5 by Daniel B. Cid **
> ** http://www.ossec.net/en/about.html#dev-team **
> ** http://www.ossec.net/rootcheck/ **
>
> Be patient, it may take a few minutes to complete...
>
> [INFO]: Starting rootcheck scan.
>
> [OK]: No presence of public rootkits detected. Analyzed 270 files.
>
> [OK]: No binaries with any trojan detected. Analyzed 79 files.
>
> [OK]: No problem detected on the /dev directory. Analyzed 267 files
>
> [FAILED]: File '/usr/lib/vmware-vix/lib/vixwrapper-config.txt' is:
> - owned by root,
> - has written permissions to anyone.
>
> [FAILED]: File '/usr/lib/vmware-vix/lib/ws-2/64bit/README.txt' is:
> - owned by root,
> - has written permissions to anyone.
>
> [FAILED]: File '/usr/lib/vmware-vix/lib/ws-2/64bit/libvix.so' is:
> - owned by root,
> - has written permissions to anyone.
>
> [FAILED]: File '/usr/lib/vmware-vix/lib/ws-5/64bit/README.txt' is:
> - owned by root,
> - has written permissions to anyone.
>
> [FAILED]: File '/usr/lib/vmware-vix/lib/ws-5/64bit/libvix.so' is:
> - owned by root,
> - has written permissions to anyone.
>
> [FAILED]: File '/usr/lib/vmware-vix/lib/libvixAllProducts.so' is:
> - owned by root,
> - has written permissions to anyone.
>
> [FAILED]: File '/usr/lib/vmware-vix/lib/ws-3/64bit/README.txt' is:
> - owned by root,
> - has written permissions to anyone.
>
> [FAILED]: File '/usr/lib/vmware-vix/lib/ws-3/64bit/libvix.so' is:
> - owned by root,
> - has written permissions to anyone.
>
> [ERR]: Check the following files for more information:
> rootcheck-rw-rw-rw-.txt (list of world writable files)
> rootcheck-rwxrwxrwx.txt (list of world writtable/executable files)
> rootcheck-suid-files.txt (list of suid files)
>
> [OK]: No hidden process by Kernel-level rootkits.
> /bin/ps is not trojaned. Analyzed 32768 processes.
>
> [OK]: No kernel-level rootkit hiding any port.
> Netstat is acting correctly. Analyzed 131072 ports.
>
> [OK]: The following ports are open:
> 22 (tcp),25 (tcp),123 (udp)
>
> [OK]: No problem detected on ifconfig/ifs. Analyzed 2 interfaces.
>
>
> - Scan completed in 7 seconds.
>
> [INFO]: Ending rootcheck scan.
>
> No, my cpu never goes down ...
>
> Daniel Cid wrote:
>> Hi,
>>
>> Can you download rootcheck (it runs with syscheck on ossec) and run it
>> manually? We fixed
>> a few things on it, so that might be causing the issue.
>>
>> Get it from (even though it says 1.5, it is based on the 1.5.1 code)
>> http://www.ossec.net/en/rootcheck.html
>>
>> *Note that very few things changed from 1.5 to 1.5.1, so could this
>> problem be there before
>> and you never noticed? Also, does the CPU go down after a while?
>>
>>
>> Thanks,
>>
>> --
>> Daniel B. Cid
>> dcid ( at ) ossec.net
>>
>>
>> On Sun, Jun 22, 2008 at 7:57 AM, carlopmart <[EMAIL PROTECTED]> wrote:
>>> carlopmart wrote:
>>>> Hi all,
>>>>
>>>> Today I have installed ossec 1.5.1. When the syscheckd process starts, it
>>>> consumes all free CPU (sometimes it reaches 99% or 100%)... Using
>>>> ossec 1.5, syscheckd doesn't produce this type of problem ... How can I
>>>> fix this??
>>>>
>>>> Many thanks.
>>> Please, any hints??
>>>
>>> --
>>> CL Martinez
>>> carlopmart {at} gmail {d0t} com
>>>
>>
>
>
--
CL Martinez
carlopmart {at} gmail {d0t} com