[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Re: ZK Rootkit

To: ossec-list@xxxxxxxxxxxxxxxx
Subject: [ossec-list] Re: ZK Rootkit
From: "Daniel Cid" <daniel.cid@xxxxxxxxx>
Date: Sun, 30 Jul 2006 19:51:43 -0300
Cc: "Joe Barr" <joe@xxxxxxxxxxxx>
Content-disposition: inline
Content-transfer-encoding: 7bit


Which operating system are you using (uname -a)? I never saw any
system using this
file load.zk, but it can be a false positive (it happened before with
other files). Can you also show us the content of it?

Thanks for the report.

--
Daniel B. Cid
dcid ( at ) ossec.net

On 7/30/06, Joe Barr <joe@xxxxxxxxxxxx> wrote:



Has anyone seen false positives on a ZK Rootkit alert referring
to /etc/sysconfig/console/load.zk?  I've gotten it twice on a brand new
installation, with nothing having been done other than to install
OSSEC-HIDS.

References:
- [ossec-list] ZK Rootkit
  - From: Joe Barr

Prev by Date: [ossec-list] ZK Rootkit
Next by Date: [ossec-list] Re: Agent run slow on windows
Previous by thread: [ossec-list] ZK Rootkit
Next by thread: [ossec-list] ZK Rootkit
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.