Re: ossec hit: Hidden process (rootkit)

2014-09-26 Thread Bw
On 23 September 2014 20:33:54 EEST, Brandon Vincent wrote: >On Tue, Sep 23, 2014 at 2:51 AM, List Monkey >wrote: >> The ossec-rootcheck is not present on my install (has it been >deprecated?) >> I am able to use the agent-control to force a complete run. It runs >> without error. > >Without mo

Re: ossec hit: Hidden process (rootkit)

2014-09-23 Thread Brandon Vincent
On Tue, Sep 23, 2014 at 2:51 AM, List Monkey wrote: > The ossec-rootcheck is not present on my install (has it been deprecated?) > I am able to use the agent-control to force a complete run. It runs > without error. Without more information, I would have to say it is likely a false positive. A bi

Re: ossec hit: Hidden process (rootkit)

2014-09-23 Thread List Monkey
Brandon, The ossec-rootcheck is not present on my install (has it been deprecated?) I am able to use the agent-control to force a complete run. It runs without error. Arne On 23. sep. 2014 02:29, Brandon Vincent wrote: > On Mon, Sep 22, 2014 at 2:10 AM, List Monkey wrote: >> Any other thoughts?

Re: ossec hit: Hidden process (rootkit)

2014-09-22 Thread Brandon Vincent
On Mon, Sep 22, 2014 at 2:10 AM, List Monkey wrote: > Any other thoughts? If you run ossec-rootcheck manually do you still get an alert? Brandon Vincent ___ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-sec

Re: ossec hit: Hidden process (rootkit)

2014-09-22 Thread Dimitry Andric
On 22 Sep 2014, at 11:10, List Monkey wrote: > I'm running freebsd as a vm. I recently got a hit from the ossec agent: > > OSSEC HIDS Notification. > 2014 Aug 28 03:01:34 > > Received From: (host) xxx.xxx.xxx.xxx->rootcheck > Rule: 510 fired (level 7) -> "Host-based anomaly detection event (roo

ossec hit: Hidden process (rootkit)

2014-09-22 Thread List Monkey
I'm running freebsd as a vm. I recently got a hit from the ossec agent: OSSEC HIDS Notification. 2014 Aug 28 03:01:34 Received From: (host) xxx.xxx.xxx.xxx->rootcheck Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)." Portion of the log(s): Process '9990' hidden from