Wazuh Denoising
Meldung: [Rule 510]: Trojaned version of file detected /bin/diff
Lösung:
- Copy https://github.com/ossec/ossec-hids/blob/master/src/rootcheck/db/rootkit_trojans.txt to /var/ossec/etc/shared/ on your hub server.
- upgrade from source out of master
Weitere Informationen: https://github.com/ossec/ossec-hids/issues/2020