On Fri, Jun 22, 2012 at 9:29 AM, Zate <zat...@gmail.com> wrote:
> I don't think that is what they are after.  I too am curious how often
> rootkit sigs are updated, by who and what the mechanism is to download the
> new ones.  There are tons of rootkits, is it just a select few that get sigs
> made?  Rootkit detection is a big selling point for OSSEC, so very curious
> how dynamic it is.
>
> Zate
>

The answers you seek are at https://bitbucket.org/dcid/ossec-hids

The signatures get updated when someone updates them, just like the rules.

A lot of people ask about current rules, and where they can get
updated rules, and blah blah blah. But these people never submit new
rules. Hell, half of them don't look at the old rules. And since this
is a volunteer project, a lack of volunteers makes everything go much
much slower.

So if you want to see more support for finding rootkits, make it and
submit it. Encourage your peers to do so as well. Hire a malware
analyst to do it. :)

>
>
> On Fri, Jun 22, 2012 at 7:04 AM, dan (ddp) <ddp...@gmail.com> wrote:
>>
>> On Thu, Jun 21, 2012 at 2:58 PM, francesco <francesco.magn...@gmail.com>
>> wrote:
>> > Hi all,
>> > I would like to ask if someone knows how to automatically download the
>> > new rootkit definitions. As I saw from the centralized OSSEC server I
>> > can propagate the rootkit definition files.. the problem is that I
>> > don't know where to download those files..
>> >
>> > Please, does anyone know a repository or a URL that I can use to download
>> > them?
>> >
>> >
>> > Thank you very much.
>> >
>> > Bye..
>>
>> OSSEC's code is in https://bitbucket.org/dcid/ossec-hids
>
>
