[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-dev] [Bug 93] New: Rootcheck false positive

To: ossec-dev@xxxxxxxxx
Subject: [ossec-dev] [Bug 93] New: Rootcheck false positive
From: ossec-bugzilla@xxxxxxxxxxxxxxxxxxxxxxxxxxx
Date: Sun, 28 Oct 2007 07:13:19 -0200
Authentication-results: mx.google.com; spf=pass (google.com: domain of ossec-dev+caf_=ossec-dev=googlegroups.com@xxxxxxxxx designates 209.85.146.178 as permitted sender) smtp.mail=ossec-dev+caf_=ossec-dev=googlegroups.com@xxxxxxxxx
Authentication-results: mx.google.com; spf=pass (google.com: domain of ossec-bugzilla@xxxxxxxxxxxxxxxxxxxxxxxxxxx designates 75.126.22.154 as permitted sender) smtp.mail=ossec-bugzilla@xxxxxxxxxxxxxxxxxxxxxxxxxxx

http://www.ossec.net/bugs/show_bug.cgi?id=93

           Summary: Rootcheck false positive
           Product: OSSEC
           Version: 1.3
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P1
         Component: rootkit-detection
        AssignedTo: ossec-dev@xxxxxxxxx
        ReportedBy: bert@xxxxxxxxxxxx


I received this event and I believe it's a false positive. Please check.

Received From: (xxx) xxx.xxx.xxx.xxx->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):

Files hidden inside directory '/sys/class/vc'. Link count does not match number
of files (54,34).

greets,

Bert


-- 
Configure bugmail: http://www.ossec.net/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Prev by Date: [ossec-dev] [Bug 73] [PATCH] Fix for some memory and descriptors leaks
Next by Date: [ossec-dev] OSSEC v1.4 Available
Previous by thread: [ossec-dev] [Bug 91] New: Input filter fails to validate searchid
Next by thread: [ossec-dev] OSSEC v1.4 Available
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.