Hi Daniel,
Yes I have 3 vm guests under vmware workstation 6.5: 16K ./lost+found 32G ./el5updates 2.7G ./centos5 8.3G ./win2k8 43G But this VMs exists when I have installed version 1.5 without problems ... Do you want that I open a bug report??? Or maybe this the only real problem?? I can test putting VMs directories out of syscheckd config ... Daniel Cid wrote: > Hi, > > Do you have large VMs running on this box? The only reason I can think > is that you have > very large files that take a while to generate the md5/sha1 checksum. > Anyone else seeing > this behavior? > > *btw, can you provide more information to us? ( > http://www.ossec.net/wiki/index.php/Community_manual:BugReport ) > > Thanks, > > -- > Daniel B. Cid > dcid ( at ) ossec.net > > > > On Fri, Jun 27, 2008 at 11:37 AM, carlopmart <[EMAIL PROTECTED]> wrote: >> Please any hints about this?? >> >> carlopmart wrote: >>> Hi Daniel, >>> >>> I have compiled and executed ossec-rootchek with these results: >>> >>> [EMAIL PROTECTED] rootcheck-1.5]$ sudo ./ossec-rootcheck >>> >>> ** Starting Rootcheck v1.5 by Daniel B. Cid ** >>> ** http://www.ossec.net/en/about.html#dev-team ** >>> ** http://www.ossec.net/rootcheck/ ** >>> >>> Be patient, it may take a few minutes to complete... >>> >>> [INFO]: Starting rootcheck scan. >>> >>> [OK]: No presence of public rootkits detected. Analyzed 270 files. >>> >>> [OK]: No binaries with any trojan detected. Analyzed 79 files. >>> >>> [OK]: No problem detected on the /dev directory. Analyzed 267 files >>> >>> [FAILED]: File '/usr/lib/vmware-vix/lib/vixwrapper-config.txt' is: >>> - owned by root, >>> - has written permissions to anyone. >>> >>> [FAILED]: File '/usr/lib/vmware-vix/lib/ws-2/64bit/README.txt' is: >>> - owned by root, >>> - has written permissions to anyone. >>> >>> [FAILED]: File '/usr/lib/vmware-vix/lib/ws-2/64bit/libvix.so' is: >>> - owned by root, >>> - has written permissions to anyone. >>> >>> [FAILED]: File '/usr/lib/vmware-vix/lib/ws-5/64bit/README.txt' is: >>> - owned by root, >>> - has written permissions to anyone. >>> >>> [FAILED]: File '/usr/lib/vmware-vix/lib/ws-5/64bit/libvix.so' is: >>> - owned by root, >>> - has written permissions to anyone. >>> >>> [FAILED]: File '/usr/lib/vmware-vix/lib/libvixAllProducts.so' is: >>> - owned by root, >>> - has written permissions to anyone. >>> >>> [FAILED]: File '/usr/lib/vmware-vix/lib/ws-3/64bit/README.txt' is: >>> - owned by root, >>> - has written permissions to anyone. >>> >>> [FAILED]: File '/usr/lib/vmware-vix/lib/ws-3/64bit/libvix.so' is: >>> - owned by root, >>> - has written permissions to anyone. >>> >>> [ERR]: Check the following files for more information: >>> rootcheck-rw-rw-rw-.txt (list of world writable files) >>> rootcheck-rwxrwxrwx.txt (list of world writtable/executable files) >>> rootcheck-suid-files.txt (list of suid files) >>> >>> [OK]: No hidden process by Kernel-level rootkits. >>> /bin/ps is not trojaned. Analyzed 32768 processes. >>> >>> [OK]: No kernel-level rootkit hiding any port. >>> Netstat is acting correctly. Analyzed 131072 ports. >>> >>> [OK]: The following ports are open: >>> 22 (tcp),25 (tcp),123 (udp) >>> >>> [OK]: No problem detected on ifconfig/ifs. Analyzed 2 interfaces. >>> >>> >>> - Scan completed in 7 seconds. >>> >>> [INFO]: Ending rootcheck scan. >>> >>> No, my cpu never goes down ... >>> -- CL Martinez carlopmart {at} gmail {d0t} com
