Hi, I just removed OSSEC 2.1 and installed 2.4 on an Ubuntu 8.04 system and started OSSEC using the startup script.
I got the email below from the host. Is that something to worry about, or is it a false alert that can be ignored?

Received From:host-ubuntu->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):
Trojaned version of file '/usr/bin/rlogin' detected. Signature used: 'p1r0c4|r00t|bash|/dev/[^nt]' (Generic).

Thank you, U