[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] false alarm??

To: ossec-list@xxxxxxxxx
Subject: [ossec-list] false alarm??
From: Stephen Hawkins <ng0g@xxxxxxxxx>
Date: Tue, 8 Aug 2006 10:06:29 -0500
Content-disposition: inline
Content-transfer-encoding: 7bit

ossec-list,

I am running SuSE 10.0.  I got the exact same alarm that the person who was in 
the /. posting about ossec did.  See below:
-------------------------cut----------------------------------
OSSEC HIDS Notification.
2006 Aug 08 06:54:50

Received From: linux->rootcheck
Rule: 14 fired (level 8) -> "Rootkit detection engine message"
Portion of the log(s):

Rootkit 'ZK' detected by the presence of file 
'/etc/sysconfig/console/load.zk'.
-------------------------------cut-------------------------------------
Has anyone figured out what this is coming from?

Thanks,
Steve
-- 
73 49 111 01001001
Steve Hawkins NG0G
ng0g@xxxxxxxx

Follow-Ups:
- [ossec-list] Re: false alarm??
  - From: Meir Michanie

Prev by Date: [ossec-list] Re: Can IP ranges be put in the whitelist
Next by Date: [ossec-list] Re: false alarm??
Previous by thread: [ossec-list] Re: OSSEC 0.9 Cannot send email
Next by thread: [ossec-list] Re: false alarm??
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.