I don't think that is what they are after. I too am curious how often rootkit sigs are updated, by whom, and what the mechanism is to download the new ones. There are tons of rootkits; is it just a select few that get sigs made? Rootkit detection is a big selling point for OSSEC, so very curious how dynamic it is.

Zate

On Fri, Jun 22, 2012 at 7:04 AM, dan (ddp) <ddp...@gmail.com> wrote:
> On Thu, Jun 21, 2012 at 2:58 PM, francesco <francesco.magn...@gmail.com> wrote:
> > Hi all,
> > I would like to ask if someone knows how to automatically download the
> > new rootkit definitions. As I saw from the centralized ossec server, I
> > can propagate the rootkit definition files.. the problem is that I
> > don't know where to download those files..
> >
> > Please, does anyone know a repository or a URL that I can use to download
> > them?
> >
> >
> > Thank you very much.
> >
> > Bye..
>
> OSSEC's code is in https://bitbucket.org/dcid/ossec-hids
>