I'm running freebsd as an vm. I recently got a hit from the ossec agent: OSSEC HIDS Notification. 2014 Aug 28 03:01:34 Received From: (host) xxx.xxx.xxx.xxx->rootcheck Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)." Portion of the log(s): Process '9990' hidden from kill (1), getsid (0) or getpgid. Possible kernel-level rootkit. It took a couple of days for me to respond to the alert but I could not find the process. Is there any reason this could be explained because freebsd is running as a vm? Any other thoughts? __ Arne _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"