
[ossec-list] Rootkit detection



Hi everybody,

I'm receiving lots of messages from the rootkit engine:

-------------------
Received From: (em) 1.2.3.4->rootcheck
Rule: 14 fired (level 8) -> "Rootkit detection engine message'"
Portion of the log(s):

Port '49277'(tcp) hidden. Kernel-level rootkit or trojaned version of
netstat.
-------------------

The warning is correct because the machine is running several vservers
(http://linux-vserver.org/), so there are hidden ports and/or processes.

Is there anything I can do besides switching rootkit detection off?

Thanks Peter





OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.