Installed it on a clean fresh 10.04 system. Looks like you got it fixed! Thanks!
On Tue, May 18, 2010 at 11:16 AM, Charlie <[email protected]> wrote:

> yes, will try it out later today!
> thanks!
>
> On Tue, May 18, 2010 at 7:01 AM, Daniel Cid <[email protected]> wrote:
>
>> Hi Charlie,
>>
>> Thanks! Just fixed on the latest snapshot:
>>
>> http://www.ossec.net/files/snapshots/
>>
>> Can you give it a try?
>>
>> Thanks,
>>
>> --
>> Daniel B. Cid
>> dcid ( at ) ossec.net
>>
>> On Fri, May 14, 2010 at 3:58 PM, Charlie <[email protected]> wrote:
>> > :~$ strings /bin/login | grep -E 'bash|elite|SucKIT|xlogin|vejeta|porcao|lets_log|sukasuk'
>> > /bin/bash
>> > /bin/bash
>> >
>> > On Fri, May 14, 2010 at 12:51 PM, Daniel Cid <[email protected]> wrote:
>> >>
>> >> Hey,
>> >>
>> >> Yes, it seems a false positive. Can someone with this problem run
>> >>
>> >> strings /bin/login | grep -E 'bash|elite|SucKIT|xlogin|vejeta|porcao|lets_log|sukasuk'
>> >>
>> >> That will show us which part of the signature is wrong.
>> >>
>> >> Thanks,
>> >>
>> >> --
>> >> Daniel B. Cid
>> >> dcid ( at ) ossec.net
>> >>
>> >> On Wed, May 12, 2010 at 1:42 PM, grape <[email protected]> wrote:
>> >> > I had the same alert as you did. Found the following thread:
>> >> > http://art.ubuntuforums.org/showthread.php?t=1465667
>> >> > Hope it helps.
>> >> >
>> >> > Steve
>> >> >
>> >> > On May 3, 1:43 pm, Charlie <[email protected]> wrote:
>> >> >> anyone else seeing this?
>> >> >>
>> >> >> Received From: Nyar->rootcheck
>> >> >> Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
>> >> >> Portion of the log(s):
>> >> >>
>> >> >> Trojaned version of file '/bin/login' detected. Signature used:
>> >> >> 'bash|elite|SucKIT|xlogin|vejeta|porcao|lets_log|sukasuk' (Generic).
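The diagnostic command in the thread prints the matching strings but leaves the reader to work out which alternative of the signature fired. The script below is an added example, not part of the thread and not OSSEC code: it splits a rootcheck-style signature on `|` and counts hits per alternative. The function names and the sample bytes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not OSSEC code): show which alternatives of a rootcheck-style
# "a|b|c" signature match the printable strings of a file.

SIG='bash|elite|SucKIT|xlogin|vejeta|porcao|lets_log|sukasuk'

# Printable strings of FILE; falls back to tr where binutils' strings is absent.
printable() {
    if command -v strings >/dev/null 2>&1; then
        strings -a "$1"
    else
        LC_ALL=C tr -c '[:print:]' '\n' < "$1"
    fi
}

# sig_hits FILE SIGNATURE
# Prints "alternative<TAB>number of matching strings" for each alternative that hits.
sig_hits() {
    file=$1 sig=$2
    tmp=$(mktemp) || return 1
    printable "$file" > "$tmp"
    old_ifs=$IFS; IFS='|'; set -f
    set -- $sig                      # split the signature into its alternatives
    set +f; IFS=$old_ifs
    for alt in "$@"; do
        # grep -c exits 1 on zero matches; keep the count, ignore the status
        n=$(grep -c -E -- "$alt" "$tmp" || true)
        if [ "$n" -gt 0 ]; then
            printf '%s\t%s\n' "$alt" "$n"
        fi
    done
    rm -f "$tmp"
}

# Constructed sample: binary filler around two "/bin/bash" strings, mimicking
# the strings output Charlie posted for /bin/login. Not a real login binary.
make_sample() {
    printf '\001\002/bin/bash\000login: \000/bin/bash\000\003' > "$1"
}

sample=$(mktemp)
make_sample "$sample"
sig_hits "$sample" "$SIG"
rm -f "$sample"
```

On a live system, `sig_hits /bin/login "$SIG"` gives the same per-alternative breakdown for the real binary.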
