
[ossec-list] Re: ossec-rootcheck found hidden ports -- how can I verify if this is a false positive or not?



Greetings Steve:

I finally got around to installing the latest nmap and checking nmap.

PORT     STATE SERVICE    VERSION
21/tcp   open  ftp        ProFTPD 1.3.0a
22/tcp   open  ssh        OpenSSH 3.6.1p2 (protocol 2.0)
25/tcp   open  smtp       qmail smtpd
53/tcp   open  domain
80/tcp   open  http       Apache httpd
110/tcp  open  pop3       qmail pop3d
143/tcp  open  imap       Courier Imapd (released 2005)
443/tcp  open  http       Apache httpd
587/tcp  open  smtp       qmail smtpd
953/tcp  open  rndc?
3306/tcp open  mysql      MySQL 5.0.45-community-log
5001/tcp open  apc-agent  APC PowerChute agent
5432/tcp open  postgresql PostgreSQL DB
8009/tcp open  ajp13?
8080/tcp open  http       Apache httpd
8443/tcp open  http       Apache httpd

Yet, ossec-rootcheck shows

[FAILED]: Port '40773'(tcp) hidden. Kernel-level rootkit or trojaned
version of netstat.

Thank you.
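
Added example, not part of the original message and not OSSEC's own code: rootcheck's hidden-port test tries to bind() each port and, when the bind is refused, looks for that port in netstat output, so the sketch below repeats the comparison for a single port against /proc/net/tcp. The sample table and the names `kernel_ports`, `bind_refused` and `classify` are constructed for illustration.

```python
import errno
import socket
import sys

# Constructed sample in /proc/net/tcp layout (not from the poster's host):
# 22 and 3306 listening (st 0A), 40773 as the local end of an established
# outbound connection (st 01).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000    27        0 1002
   2: 0500000A:9F45 0900000A:0050 01 00000000:00000000 00:00000000 00000000   500        0 1003
"""
STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "0A": "LISTEN"}

def kernel_ports(proc_text):
    """Map local TCP port -> set of socket states from /proc/net/tcp text."""
    table = {}
    for line in proc_text.splitlines()[1:]:          # skip header row
        fields = line.split()
        if len(fields) < 4:
            continue
        port = int(fields[1].rsplit(":", 1)[1], 16)  # hex port after the colon
        table.setdefault(port, set()).add(STATES.get(fields[3], fields[3]))
    return table

def bind_refused(port):
    """True if bind() on 0.0.0.0:port fails with EADDRINUSE (port is taken)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind(("0.0.0.0", port))
        except OSError as e:
            return e.errno == errno.EADDRINUSE
    return False

def classify(port, in_use, table):
    """'free', 'visible' (kernel table explains it) or 'hidden' (it does not)."""
    if not in_use:
        return "free"
    return "visible" if port in table else "hidden"

if __name__ == "__main__":
    port = int(sys.argv[1])
    in_use = bind_refused(port)   # bind first, then read the table, like the check
    with open("/proc/net/tcp") as f:
        table = kernel_ports(f.read())
    print(port, classify(port, in_use, table), sorted(table.get(port, [])))
```

A "visible" result in a state such as ESTABLISHED or TIME_WAIT points to a transient socket rather than a hidden listener. /proc/net/tcp covers IPv4 only, and on a host with a kernel-level rootkit it may itself be filtered, so compare the result with a scan of that port from another machine.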





OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.