Hi, I am wondering how to make OSSEC avoid checking 'netstat', or at least help me filter these emails. I have made sure netstat isn't an issue on the system.

Received From: sparc-server>rootcheck
Rule: 100040 fired (level 7) -> "Host-based anomaly detection event (rootcheck)"
Portion of the log(s):

Port '855'(tcp) hidden. Kernel-level rootkit or trojaned version of netstat.

Thanks
