I'm assuming that this is a false positive, but I'd prefer not to take any chances. I also know that Slackware 12.2 isn't "officially" supported. Below is the output of an email notification I received less than an hour after installing OSSEC HIDS.
Trojaned version of file '/usr/sbin/tcpdump' detected. Signature used: 'bash|^/bin/sh|file\.h|proc\.h|/dev/[^b]|^/bin/.*sh' (Generic).

I initially created a post regarding this on linuxquestions.org, linked here: http://www.linuxquestions.org/questions/linux-security-4/ossec-slackware.-tcpdump-flagged-as-trojan.-false-positive-704530/

I have dug through the mailing list for other users having similar events fired for other files and took the liberty of providing the output from the following command to save a little time.

u...@host:~$ strings /usr/sbin/tcpdump | grep -E 'bash|^/bin/sh|file\.h|proc\.h|/dev/[^b]|^/bin/.*sh'
/dev/usbmon%d

Thank you in advance to anyone who could offer an opinion on whether this should be regarded as a valid threat.

Matt
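Added illustration (not part of Matt's post and not OSSEC's own code): the rootcheck "Generic" trojan signature is a plain regular-expression match over the printable strings in the binary, so the script below reproduces that check end to end. It extracts strings the way strings(1) does, tries each alternative of the signature from the alert, and reports which string hit which branch. The two byte blobs are constructed samples, not real tcpdump contents. On the first sample it shows that '/dev/usbmon%d' is caught by the '/dev/[^b]' branch, matching the grep output in the post; the second sample shows, by contrast, what a hit on the 'bash' branch looks like, so the two kinds of alert can be told apart when triaging.

```python
import re

# OSSEC rootcheck "Generic" trojan signature, copied from the alert in the post.
GENERIC_SIGNATURE = r'bash|^/bin/sh|file\.h|proc\.h|/dev/[^b]|^/bin/.*sh'

# Constructed sample 1: the strings one would expect in a packet-capture tool,
# including the usbmon device path that appeared in the post's grep output.
CLEAN_SAMPLE = (
    b'\x7fELF\x02\x01\x01' + b'\x00' * 8
    + b'tcpdump version %s\x00'
    + b'libpcap version %s\x00'
    + b'/dev/usbmon%d\x00'
    + b'Usage: %s [-aAdDefIKlLnNOpqRStuUvxX]\x00'
)

# Constructed sample 2: a binary that embeds a shell invocation string, the kind
# of content the 'bash' branch of the signature is actually meant to surface.
SUSPECT_SAMPLE = (
    b'\x7fELF\x02\x01\x01' + b'\x00' * 8
    + b'/bin/bash -c "%s"\x00'
    + b'/dev/usbmon%d\x00'
)


def extract_strings(data: bytes, min_len: int = 4):
    """Mimic strings(1): return runs of at least min_len printable ASCII bytes."""
    pattern = rb'[\x20-\x7e]{%d,}' % min_len
    return [m.group().decode('ascii') for m in re.finditer(pattern, data)]


def match_signature(strings, signature: str = GENERIC_SIGNATURE):
    """Return (string, branch) pairs: each extracted string that triggers the
    signature, paired with the first alternative that matched it.

    Splitting on '|' is safe for this signature because none of its character
    classes contain a pipe. '^' anchors per string here, just as it anchors per
    line under 'grep -E'."""
    alternatives = signature.split('|')
    hits = []
    for s in strings:
        for alt in alternatives:
            if re.search(alt, s):
                hits.append((s, alt))
                break
    return hits


def triage(data: bytes):
    """Group the hits by signature branch so a reviewer sees at a glance which
    alternatives fired (device paths vs. shell references, for example)."""
    report = {}
    for s, branch in match_signature(extract_strings(data)):
        report.setdefault(branch, []).append(s)
    return report


if __name__ == '__main__':
    for name, blob in (('clean sample', CLEAN_SAMPLE), ('suspect sample', SUSPECT_SAMPLE)):
        print(name)
        for branch, hits in triage(blob).items():
            print('  branch %-12s -> %s' % (repr(branch), hits))
```

Run against a real binary with `triage(open('/usr/sbin/tcpdump', 'rb').read())`; because the check is purely textual, a device path such as '/dev/usbmon%d' will always satisfy '/dev/[^b]', and the interesting question for a reviewer is which other branches, if any, also fire and whether the file's hash still matches the distribution package.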
