From owner-freebsd-questions@FreeBSD.ORG  Thu Nov 24 07:32:42 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id ABE5F106566C
	for <freebsd-questions@freebsd.org>;
	Thu, 24 Nov 2011 07:32:42 +0000 (UTC)
	(envelope-from basarevych@gmail.com)
Received: from mail-qy0-f182.google.com (mail-qy0-f182.google.com
	[209.85.216.182])
	by mx1.freebsd.org (Postfix) with ESMTP id 6E3EA8FC15
	for <freebsd-questions@freebsd.org>;
	Thu, 24 Nov 2011 07:32:42 +0000 (UTC)
Received: by qyg36 with SMTP id 36so2411536qyg.13
	for <freebsd-questions@freebsd.org>;
	Wed, 23 Nov 2011 23:32:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=mime-version:date:message-id:subject:from:to:content-type;
	bh=K+SMek/0myFiL/KOorYWjKI+U4PBC+dGm4HQ7SSVnvU=;
	b=GD50+SoH6n3VxucT519k6rjzyjZObvlDFIuA9BLWnT0XReROpcEybhDS+hEOgAknhL
	VeS5N+RPhYcOlnlCp+sEaeEEMyg93QaLksmcCmP/BLoiAXuqjBnD3a55ZYr+4zyHUl6h
	eBmBVCuLTaVif1U/jR03OiAeuUizwa4cvh8ho=
MIME-Version: 1.0
Received: by 10.229.63.194 with SMTP id c2mr3127379qci.18.1322119961596; Wed,
	23 Nov 2011 23:32:41 -0800 (PST)
Received: by 10.224.45.141 with HTTP; Wed, 23 Nov 2011 23:32:41 -0800 (PST)
Date: Thu, 24 Nov 2011 09:32:41 +0200
Message-ID: <CANmv3=yDOqZQ0E+9EE1i3a5vXBs7D7tvQx7Ag27Rc1Ba9ZJGbQ@mail.gmail.com>
From: Ross <basarevych@gmail.com>
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=UTF-8
Subject: Do you run OSSEC on 9.0?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Nov 2011 07:32:42 -0000

I am getting emails about hidden files in /dev. Before that (on 8.2)
everything was OK. What should I do?


OSSEC HIDS Notification.
2011 Nov 24 08:17:25

Received From: coffin->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):

Files hidden inside directory '/dev'. Link count does not match number
of files (9,27).



 --END OF NOTIFICATION