[ossec-list] Re: File '/dev/.static/dev/null0' present on /dev. Possible hidden file.

["Rafael Capovilla" <iceman@xxxxxxxxxxxxxxxxx>]

Which distro are you using? Could you try to find out which package use this file?

2006/8/8, Andrew Nelson <freeandy@xxxxxxxxx>:

File appears empty.  Thanks

On 8/8/06, Rafael Capovilla <iceman@xxxxxxxxxxxxxxxxx> wrote:
> I believe this is a false-positive, check the contents of this file
>
> 2006/8/8, Andrew Nelson <freeandy@xxxxxxxxx>:
> >
> > I've just installed ossec-hid and recieved the following message.
> >
> > """
> > OSSEC HIDS Notification.
> > 2006 Aug 08 09:30:38
> >
> > Received From: compdeandy->rootcheck
> > Rule: 14 fired (level 8) -> "Rootkit detection engine message"
> > Portion of the log(s):
> >
> > File '/dev/.static/dev/null"' present on /dev. Possible hidden file.
> >
> >
> >
> > --END OF NOTIFICATION
> >
> >
> >
> > OSSEC HIDS Notification.
> > 2006 Aug 08 09:30:38
> >
> > Received From: compdeandy->rootcheck
> > Rule: 14 fired (level 8) -> "Rootkit detection engine message"
> > Portion of the log(s):
> >
> > File '/dev/.static/dev/null0' present on /dev. Possible hidden file.
> >
> >
> >
> > --END OF NOTIFICATION
> > """
> >
> > I've done some searching around and it appears that maybe this file
> > installed by udev.  Does anyone know if this indicates an actual
> > rootkit or if this is a false positive?
> >
> > //andy
> >
> >
> > --
> > No trees were killed in the sending of this message. However a large
> > number of electrons were terribly inconvenienced
> >
>
>
>
>
> --
> Certified LPIC -1
>  http://www.underlinux.com.br
>
> Unix is very simple, but it takes a genius to understand the simplicity.
> (Dennis Ritchie)


--
No trees were killed in the sending of this message. However a large
number of electrons were terribly inconvenienced

-- 
Certified LPIC -1
http://www.underlinux.com.br

Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)