I created a decoder for it and an action, which are working great.

<decoder name="rkhunter-check">
  <prematch>^Rootkit Hunter: Please inspect this machine, because it may be infected.</prematch>
</decoder>

On Monday, 14 January 2013 16:46:21 UTC, [email protected] wrote:
> Hi,
>
> I know there is already an ossec-rootkit package, but is it possible to
> report on rkhunter warnings or its general output such as 'Please inspect
> this machine, because it may be infected' or is this out of scope of ossec
> and should be deployed via rkhunter's cron and email?
>
> Thanks,
> Stuart
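
In OSSEC a decoder only labels the event; an alert is raised by a rule that keys on that decoder. The local rule below is an added example, not part of the original post: the rule id 100200, the level 10, the group names and the default install paths in the comments are assumptions chosen for illustration, and it assumes the rkhunter message already reaches a log file that OSSEC monitors.

```xml
<!-- Added example, not from the thread.
     Assumed location: /var/ossec/rules/local_rules.xml
     (the decoder from the post would sit in /var/ossec/etc/local_decoder.xml). -->
<group name="local,rkhunter,">

  <!-- Fires on any event the rkhunter-check decoder matched.
       id 100200 is a constructed value in the user-defined rule range;
       level 10 is an assumed severity, adjust it to your alert thresholds. -->
  <rule id="100200" level="10">
    <decoded_as>rkhunter-check</decoded_as>
    <description>rkhunter reported that the machine may be infected.</description>
    <group>rootcheck,</group>
  </rule>

</group>
```

Pasting a sample log line into `ossec-logtest` shows whether the decoder and the rule both match before the manager is restarted.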
