What version of OSSEC? Does the md5 or sha for /sbin/init match what it should?
On Sun, Apr 22, 2012 at 8:41 AM, Mike Sievers <[email protected]> wrote: > Hi List, > > on my opensuse 12.1 I found: > Trojaned version of file '/sbin/init' detected. Signature used: 'HOME' > (Suckit rootkit). > I hope this is false positive, isnĀ“t it? > And some alerts like this: > File '/dev/.sysconfig/network/config-lo' present on /dev. Possible hidden > file. > > ???
