What does "Possible kernel level rootkit" mean?


Park Waldo

Apr 5, 2022, 12:16:58 AM
to Wazuh mailing list
Dear sir,

I found the below alert on my CentOS 7 server.

Anomaly detected in file '/dev/mqueue/pmq'. File size doesn't match what we found. Possible kernel level rootkit.
title: Anomaly detected in file '/dev/mqueue/pmq'.

What does it mean, and how do I resolve this?

thanks,

elw...@wazuh.com

Apr 5, 2022, 2:17:27 AM
to Wazuh mailing list
Hello Park,

Rootcheck checks the /dev directory and expects only device-specific files; any additional ones should be inspected (as in the case of /dev/mqueue/pmq), because it is common for malware to use that directory to hide files (https://documentation.wazuh.com/current/user-manual/capabilities/anomalies-detection/how-it-works.html#scan-the-dev-directory).

Regards,
Wali

Park Waldo

Apr 5, 2022, 2:41:47 AM
to Wazuh mailing list
Dear sir,

You mean this alert has detected malware?

If so, how can I check this file?

Please explain more clearly.

thanks,
On Tuesday, April 5, 2022 at 3:17:27 PM UTC+9, elw...@wazuh.com wrote:

elw...@wazuh.com

Apr 5, 2022, 6:46:52 AM
to Wazuh mailing list
Hello Park,

It is possible. For that, you should access that server and inspect that file.

You have several ways to do so, and one of them is uploading the file to the VirusTotal engine: https://www.virustotal.com/gui/home/upload.

Regards,
Wali
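Added example, not Wazuh's code and not from either poster: a small Python script that re-implements the idea behind the rootcheck /dev scan described in Wali's first reply (flag anything under /dev that is not a device node, directory, symlink, FIFO or socket) and, for each flagged entry, gathers what a responder needs for the inspection Wali recommends: ls-style mode, owner, the size stat() reports, the number of bytes a read actually returns (the comparison behind the "File size doesn't match what we found" wording in the alert), and a SHA-256 that can be searched on VirusTotal instead of uploading the file. The sample tree, file names and file contents are constructed here; real device nodes are omitted because creating them needs CAP_MKNOD.

```python
"""Added example, not Wazuh's own code: a re-implementation of the idea behind
rootcheck's /dev scan plus the triage data a responder would gather for
anything it flags.  All paths and file contents below are constructed."""
import hashlib
import os
import stat
import tempfile
from dataclasses import dataclass
from typing import Optional

# Entries that legitimately live under /dev: device nodes, directories such as
# /dev/pts or /dev/mqueue, symlinks (/dev/fd, /dev/stdin), FIFOs and sockets.
# A regular file under /dev is the anomaly the scan is looking for.
def is_expected_dev_entry(st: os.stat_result) -> bool:
    m = st.st_mode
    return (stat.S_ISCHR(m) or stat.S_ISBLK(m) or stat.S_ISDIR(m)
            or stat.S_ISLNK(m) or stat.S_ISFIFO(m) or stat.S_ISSOCK(m))

@dataclass
class Finding:
    path: str
    mode: str            # ls-style, e.g. "-rw-r--r--"
    uid: int
    gid: int
    size: int            # st_size as reported by the filesystem
    bytes_read: int      # what a sequential read actually returned
    size_matches: bool   # False is the condition behind "File size doesn't match"
    sha256: Optional[str]
    error: Optional[str] = None

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def inspect_regular_file(path: str, st: os.stat_result) -> Finding:
    """Read the flagged file once, hashing it and counting bytes, so the hash
    can be looked up (VirusTotal accepts a hash search) without uploading."""
    h = hashlib.sha256()
    n = 0
    try:
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(65536), b""):
                h.update(block)
                n += len(block)
    except OSError as exc:           # e.g. EACCES when not running as root
        return Finding(path, stat.filemode(st.st_mode), st.st_uid, st.st_gid,
                       st.st_size, 0, False, None, error=str(exc))
    return Finding(path, stat.filemode(st.st_mode), st.st_uid, st.st_gid,
                   st.st_size, n, n == st.st_size, h.hexdigest())

def scan_dev_tree(root: str) -> list:
    """Walk root (normally /dev) without following symlinks; return a Finding
    for every entry that is not one of the expected types."""
    findings = []
    stack = [root]
    while stack:
        with os.scandir(stack.pop()) as it:
            for entry in it:
                st = entry.stat(follow_symlinks=False)   # lstat: classify the link itself
                if entry.is_dir(follow_symlinks=False):
                    stack.append(entry.path)
                elif not is_expected_dev_entry(st):
                    # Only reached for regular (or unknown-type) entries; FIFOs
                    # were filtered out above, so this read cannot block.
                    findings.append(inspect_regular_file(entry.path, st))
    return sorted(findings, key=lambda f: f.path)

# ---- constructed sample tree standing in for /dev --------------------------
SAMPLE_CONTENT = b"QSIZE:0 NOTIFY:0 SIGNO:0 NOTIFY_PID:0\n"  # constructed, not real queue output

def build_sample_tree() -> str:
    """Create a throwaway directory that looks like a slice of /dev.  Device
    nodes need CAP_MKNOD so they are left out; the other expected types are
    present, plus one regular file at mqueue/pmq, as in the alert."""
    base = tempfile.mkdtemp(prefix="fake-dev-")
    os.mkdir(os.path.join(base, "pts"))
    os.mkdir(os.path.join(base, "mqueue"))
    os.symlink("/proc/self/fd", os.path.join(base, "fd"))
    if hasattr(os, "mkfifo"):
        os.mkfifo(os.path.join(base, "initctl"))
    with open(os.path.join(base, "mqueue", "pmq"), "wb") as f:
        f.write(SAMPLE_CONTENT)
    return base

def demo() -> list:
    """Build the sample tree and scan it; on a real host call scan_dev_tree('/dev')."""
    return scan_dev_tree(build_sample_tree())

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run as root against the real `/dev` the function returns one `Finding` per non-device entry, which is the list worth reviewing. Two caveats when reading the output: `size_matches` is only meaningful on ordinary filesystems, because pseudo-filesystems such as mqueue or proc report a nominal `st_size` that need not equal what a read returns, so a mismatch there is not by itself evidence of tampering; and a regular file under `/dev` still needs an owner to be identified (which process created it, whether it matches a known service) before the hash lookup result is treated as the final word.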