Thanks for the reply, sounds like I need to upgrade the server to the latest version.
On Thursday, January 23, 2020 at 5:46:43 PM UTC-6, Leroy Tennison wrote: > > Received the following message: Trojaned version of file '/bin/grep' > detected. Signature used: 'bash|givemer|/dev/' (Generic)." on 18.04.3 LTS. > Downloaded the deb from Ubuntu standard repositories, extracted grep (in > /tmp) and compared sha512sums for it and /bin/grep - identical. I received > another message about a trojaned file for s-nail (also on Ubuntu 16.04) > recently and, in that case, simply de-installed the package since it wasn't > needed. Now I'm wondering if these are false positives. Appears the agent > is 3.1.0, server is 2.9.1. Any suggestions or further steps i can take? > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/55c05e8c-0b4b-4405-bd14-7b79f34c31c1%40googlegroups.com.
