Thanks for the response. This is reassuring, but I am still wondering why I've never seen a warning like this until today. I've been running OSSEC on several Ubuntu machines for a while (although it's only since last weekend that one of them runs Hardy) and this is the first time I've gotten warned about nobody. Also, as the output below indicates, I have no cronjobs scheduled for 8:40. Can I still be confident that there's no problem?
Nothing to worry about. nobody is a user on your machine. She pops into mine at about 6:25 and does a bit of housekeeping. Rotating logs, updating the locate database etc. Have a look in /etc to see what you have scheduled for 08:40.
$ cat /etc/crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
05 00 * * * root /var/ossec/bin/ossec-control restart