
[ossec-list] Re: rootkit updates




Tommy May wrote:
This might not be the most efficient way, but the only way I know of right now is to download the latest snapshot:

http://www.ossec.net/files/snapshots/  (Thanks Daniel for this info the other day)

and either run the install script or expand it and copy the source directory files:

src/rootcheck/db/rootkit_files.txt

to the following:

var/ossec/etc/shared/rootkit_files.txt

and perform /etc/init.d/ossec restart

Be sure that the following entry is in ossec.conf, of course:

<rootcheck>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
</rootcheck>

Hope this helps... if anyone sees any errors in what I have conveyed, please correct me.


Tommy

 -------------- Original message ----------------------
From: neill lillywhite <neill@xxxxxxxxxxxxxx>
Hi,

Just a quick question:

How do you update the rootkit signatures?

neill

Thanks Tommy,

I am away from the server tonight but will try this ASAP and give feedback.

Thanks

neill
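
The manual steps from Tommy's message, as an added shell example (not part of the original thread and not OSSEC project code). It adds a backup, a no-change check, and a check that ossec.conf references the file. The function name `update_rootkit_db`, its return codes, the `/var/ossec` default prefix and the `etc/ossec.conf` location are assumptions.

```shell
#!/bin/sh
# Added example, not OSSEC project code. File paths follow the thread;
# the /var/ossec default prefix and etc/ossec.conf location are assumptions.
# Return codes (own convention): 0 installed, 1 error, 2 already current,
# 3 installed but ossec.conf has no matching <rootkit_files> entry.
update_rootkit_db() {
    snap=$1                      # directory of the expanded snapshot
    ossec=${2:-/var/ossec}       # OSSEC install prefix
    new="$snap/src/rootcheck/db/rootkit_files.txt"
    cur="$ossec/etc/shared/rootkit_files.txt"
    conf="$ossec/etc/ossec.conf"

    # Refuse a missing or empty file so a bad download cannot blank the list.
    if [ ! -s "$new" ]; then
        echo "missing or empty: $new" >&2
        return 1
    fi

    # Skip the copy (and the restart) when nothing changed.
    if [ -f "$cur" ] && cmp -s "$new" "$cur"; then
        echo "already current: $cur"
        return 2
    fi

    # Keep the previous list, then replace it via a rename in the same
    # directory so rootcheck never reads a half-written file.
    if [ -f "$cur" ]; then
        cp -p "$cur" "$cur.bak" || return 1
    fi
    cp "$new" "$cur.tmp" && mv "$cur.tmp" "$cur" || return 1
    echo "installed: $cur (now run: /etc/init.d/ossec restart)"

    # The new list is only used if ossec.conf points rootcheck at this path.
    if ! grep -qF "<rootkit_files>$cur</rootkit_files>" "$conf" 2>/dev/null; then
        echo "warning: no <rootkit_files>$cur</rootkit_files> in $conf" >&2
        return 3
    fi
    return 0
}

# Run only when called with arguments: SNAPSHOT_DIR [OSSEC_DIR]
if [ "$#" -gt 0 ]; then
    update_rootkit_db "$@"
fi
```

The restart is left as a manual step so the function can be tried against a scratch directory first.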




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.