[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] ZK Rootkit

To: ossec-list@xxxxxxxxx
Subject: [ossec-list] ZK Rootkit
From: "Steven Newson" <steven.newson@xxxxxxxxx>
Date: Tue, 8 Aug 2006 21:28:48 -0400

Hi,

I get the same result as Joe Barr - using SuSE 10.1:

Linux bigblue 2.6.16.21-0.13-default #1 Mon Jul 17 17:22:44 UTC 2006 x86_64 x86_64 x86_64 GNU/Linux

Gives me:

Received From: bigblue->rootcheck
Rule: 14 fired (level 8) -> "Rootkit detection engine message"
Portion of the log(s):

Rootkit 'ZK' detected by the presence of file '/etc/sysconfig/console/load.zk'.

Curiously, console is a file not a directory....

Follow-Ups:
- [ossec-list] Re: ZK Rootkit
  - From: Stephen Hawkins

Prev by Date: [ossec-list] Re: Need some help with ossec rule processing
Next by Date: [ossec-list] queries on configuring ossec
Previous by thread: [ossec-list] Re: ZK Rootkit
Next by thread: [ossec-list] Re: ZK Rootkit
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.