Hello I'm receiving a lot of messages with the following layout, The port is always changing and I could track them back to ports used by NFS ---------------------------------------------------------------------------- ------ OSSEC HIDS Notification. 2010 Mar 21 13:52:29
Received From: (mtsrv003) 10.0.1.13->rootcheck Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)." Portion of the log(s): Port '991'(tcp) hidden. Kernel-level rootkit or trojaned version of netstat. ---------------------------------------------------------------------------- ------ Is there a possibility to disable the this notification ? Thx Denis Wijnen System admin --------------------------------------------------------- This e-mail may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply e-mail and delete all copies of this message or part thereof. To unsubscribe from this group, send email to ossec-list+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.
