Hello -- I'm new to the group and using OSSEC. I recently came across this error:

ossec-rootcheck(1252): ERROR: Invalid rk configuration value: 'f'.

and it has me confused. I think I found the problem, but I'm not sure why. It seems that if the files read by rootkit end with txt on a line, it generates this error, but if I add a blank line to all the files listed for rootkit, the error goes away. I am baffled by this.

Of course if I run it with no changes - right after an install - it works fine, but if I start adding my own rootkit or audit checks in the middle of the files, or add a new file to load/use, then I start getting this error. Also, there is not a single file that ends in "f" on the line - all the files had ended with #EOF - as was the default in the base configuration.

Any help or suggestions? Is there a way to debug rootkit/audit rules?

Thank you,
~J
