Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
Host-based anomaly detection event (rootcheck).
« previous
next »
Print
Pages: [
1
]
Author
Topic: Host-based anomaly detection event (rootcheck). (Read 1247 times)
sizzling~snitch
Newbie
Posts: 10
Karma: 0
Host-based anomaly detection event (rootcheck).
«
on:
March 06, 2024, 04:55:30 am »
Hello All, I found that OPNsense had a built-in Wazuh agent so I set it up and right away I am getting an alert:
Host-based anomaly detection event (rootcheck).
- Files hidden inside directory '/boot/efi'. Link count does not match number of files (3,1).
I enabled SSH temporarily and looked at that location as root (sudo su) and not seeing anything hidden. Thinking as this is also a new install (OPNsense 23.10.2-amd64) it might be some kind of false-positive.
Has anyone seen this before in their setup of Wazuh-Agent plugin?
Logged
sizzling~snitch
Newbie
Posts: 10
Karma: 0
Re: Host-based anomaly detection event (rootcheck).
«
Reply #1 on:
March 21, 2024, 05:22:00 pm »
Following up on this, turns out this is a false positive and has been documented.
Logged
sylaan
Newbie
Posts: 1
Karma: 0
Re: Host-based anomaly detection event (rootcheck).
«
Reply #2 on:
December 02, 2024, 12:46:21 pm »
Where is this documented ?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
Host-based anomaly detection event (rootcheck).