I'd cross-check with one of the rootkit checking tools but yes, kinda looks like you've been pwned.
--
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of satish patel
Sent: Tuesday, March 01, 2011 12:53
To: [email protected]
Subject: [ossec-list] Trojan found on Redhat AS4

I have just installed OSSEC-2.5.1 version on one Redhat AS4 Linux machine and I got the following message. What the hack is this? Is this a real trojan?

Received From: vmg035->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):

Trojaned version of file '/proc/1/maps' detected. Signature used: 'init.' (Suckit rootkit).

-Satish
