Hey guys,
Just now receiving the type of messages below. What should I be looking
out for? How do I determine what processes are being hidden from ps?
<snip>
OSSEC HIDS Notification.
2014 Nov 29 08:09:24
Received From: kuruji->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event
(rootcheck)."
Portion of the log(s):
Process '18' hidden from ps. Possible trojaned version installed.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2014 Nov 29 08:09:24
Received From: kuruji->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event
(rootcheck)."
Portion of the log(s):
Excessive number of hidden processes. It maybe a false-positive or
something really bad is going on.
</snip>
Btw, the server is a test cloud server that I can trash at any time.
Thanks,
--
finid