[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] File '/dev/.static/dev/null0' present on /dev. Possible hidden file.

To: ossec-list@xxxxxxxxx
Subject: [ossec-list] File '/dev/.static/dev/null0' present on /dev. Possible hidden file.
From: "Andrew Nelson" <freeandy@xxxxxxxxx>
Date: Tue, 8 Aug 2006 10:11:17 -0500

I've just installed ossec-hid and recieved the following message.

"""
OSSEC HIDS Notification.
2006 Aug 08 09:30:38

Received From: compdeandy->rootcheck
Rule: 14 fired (level 8) -> "Rootkit detection engine message"
Portion of the log(s):

File '/dev/.static/dev/null"' present on /dev. Possible hidden file.



 --END OF NOTIFICATION



OSSEC HIDS Notification.
2006 Aug 08 09:30:38

Received From: compdeandy->rootcheck
Rule: 14 fired (level 8) -> "Rootkit detection engine message"
Portion of the log(s):

File '/dev/.static/dev/null0' present on /dev. Possible hidden file.



 --END OF NOTIFICATION
"""

I've done some searching around and it appears that maybe this file
installed by udev.  Does anyone know if this indicates an actual
rootkit or if this is a false positive?

//andy


-- 
No trees were killed in the sending of this message. However a large
number of electrons were terribly inconvenienced

Follow-Ups:
- [ossec-list] Re: File '/dev/.static/dev/null0' present on /dev. Possible hidden file.
  - From: Rafael Capovilla

Prev by Date: [ossec-list] Re: ossec-agentd: error compressing string
Next by Date: [ossec-list] ossec 0.9 under Mac OS X
Previous by thread: [ossec-list] Re: false alarm??
Next by thread: [ossec-list] Re: File '/dev/.static/dev/null0' present on /dev. Possible hidden file.
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.