Modified files:
rootkit_trojans.txt
Log message:
Description: Fixed ui.nsi to create the output file in the local directory.
Reviewed by: dcid
Bug:
Index: rootkit_trojans.txt
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/db/rootkit_trojans.txt,v
diff -u -r1.18 -r1.19
--- rootkit_trojans.txt 17 Apr 2008 13:39:53 -0000 1.18
+++ rootkit_trojans.txt 26 Jan 2009 16:50:05 -0000 1.19
@@ -50,7 +50,7 @@
netstat !bash|^/bin/sh|/dev/[^aik]|/prof|grep|addr\.h!
top !/dev/[^npi3st%]|proc\.h|/prof/!
ps !/dev/ttyo|\.1proc|proc\.h|bash|^/bin/sh!
-tcpdump !bash|^/bin/sh|file\.h|proc\.h|/dev/[^b]|^/bin/.*sh!
+tcpdump !bash|^/bin/sh|file\.h|proc\.h|/dev/[^bu]|^/bin/.*sh!
pidof !bash|^/bin/sh|file\.h|proc\.h|/dev/|^/bin/.*sh!
fuser !bash|^/bin/sh|file\.h|proc\.h|/dev/[a-dtz]|^/bin/.*sh!
w !uname -a|proc\.h|bash!
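Review bot: The widened class `/dev/[^bu]` on the tcpdump line is undocumented, and the log message describes an unrelated ui.nsi change, so nothing records which legitimate string in a clean tcpdump binary prompted it. The class exempts every `/dev/` name beginning with `u`, not only the one that caused the false positive, so this signature now covers less than before. I would add a comment above the entry, such as `# tcpdump: 'u' exempts <legitimate /dev/u* path found in clean builds>`, and correct the log message to describe the signature change. The later r1.20 change to pidof (`/dev/[^f]`) has the same gap and would benefit from the same kind of comment.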
Modified files:
rootkit_trojans.txt
Log message:
Description: Fixing false positive on pidof.
Reviewed by: dcid
Bug:
Index: rootkit_trojans.txt
===================================================================
RCS file: /usr/cvsroot/ossec-hids/src/rootcheck/db/rootkit_trojans.txt,v
diff -u -r1.19 -r1.20
--- rootkit_trojans.txt 26 Jan 2009 16:50:05 -0000 1.19
+++ rootkit_trojans.txt 3 Jun 2009 19:18:32 -0000 1.20
@@ -51,7 +51,7 @@
top !/dev/[^npi3st%]|proc\.h|/prof/!
ps !/dev/ttyo|\.1proc|proc\.h|bash|^/bin/sh!
tcpdump !bash|^/bin/sh|file\.h|proc\.h|/dev/[^bu]|^/bin/.*sh!
-pidof !bash|^/bin/sh|file\.h|proc\.h|/dev/|^/bin/.*sh!
+pidof !bash|^/bin/sh|file\.h|proc\.h|/dev/[^f]|^/bin/.*sh!