[ossec-list] rootcheck/rootkit rules
Just wondering where to find docs on writing/updating rules for rootkit/rootcheck? Format and all that is what I am looking for. I am looking through the various root check files under etc/shared, but can't seem to find the syntax for these files in the docs. :-( Any help/suggestions? -K
Re: [ossec-list] rootcheck/rootkit rules
I haven't really messed with that, so there aren't any docs that I'm aware of.

On Thu, Jun 7, 2012 at 12:10 PM, Kat uncommon...@gmail.com wrote:
> Just wondering where to find docs on writing/updating rules for rootkit/rootcheck? Format and all that is what I am looking for. I am looking through the various root check files under etc/shared, but can't seem to find the syntax for these files in the docs. :-( Any help/suggestions? -K