I've installed and lanched OSSEC, in few minutes I receive through mail this notification... Could be a false positive or something important???
OSSEC HIDS Notification. 2013 May 01 10:42:40 Received From: Power-Mac-G5-2->rootcheck Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)." Portion of the log(s): Files hidden inside directory '/tmp/launch-67hiy7'. Link count does not match number of files (2,3). --END OF NOTIFICATION OSSEC HIDS Notification. 2013 May 01 10:42:40 Received From: Power-Mac-G5-2->rootcheck Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)." Portion of the log(s): Files hidden inside directory '/tmp/launch-eOa7rk'. Link count does not match number of files (2,3). --END OF NOTIFICATION OSSEC HIDS Notification. 2013 May 01 10:42:40 Received From: Power-Mac-G5-2->rootcheck Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)." Portion of the log(s): Files hidden inside directory '/tmp/launch-wLoFke'. Link count does not match number of files (2,3). --END OF NOTIFICATION OSSEC HIDS Notification. 2013 May 01 10:42:40 Received From: Power-Mac-G5-2->rootcheck Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)." Portion of the log(s): Files hidden inside directory '/tmp/launchd-103.cqwHM4'. Link count does not match number of files (2,3). --END OF NOTIFICATION OSSEC HIDS Notification. 2013 May 01 10:42:40 Received From: Power-Mac-G5-2->rootcheck Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)." Portion of the log(s): Files hidden inside directory '/tmp'. Link count does not match number of files (9,10). --END OF NOTIFICATION OSSEC HIDS Notification. 2013 May 01 10:42:41 Received From: Power-Mac-G5-2->rootcheck Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)." Portion of the log(s): Files hidden inside directory '/var/tmp/launchd'. Link count does not match number of files (2,3). --END OF NOTIFICATION -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
