Date: Wed, 28 Jan 2009 18:58:38 -0600 From: ajtiM <lumiwa@gmail.com> To: Eitan Adler <eitanadlerlist@gmail.com> Cc: Glen Barber <glen.j.barber@gmail.com>, freebsd-questions@freebsd.org Subject: Re: chkrootkit Message-ID: <200901281858.38832.lumiwa@gmail.com> In-Reply-To: <4980DEF3.3010504@gmail.com> References: <200901281613.43066.lumiwa@gmail.com> <4ad871310901281430t5fb4f3c7racfc2dc1e1a90350@mail.gmail.com> <4980DEF3.3010504@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 28 January 2009 16:40:51 Eitan Adler wrote: > Glen Barber wrote: > > On Wed, Jan 28, 2009 at 5:13 PM, ajtiM <lumiwa@gmail.com> wrote: > >> Hi! > >> > >> My system: new installed FreeBSD 7.1, KDE 3.5.10 > >> > >> I ran chkrootkit and I got: > >> > >> ... > >> Checking `sshd'... /usr/bin/strings: Warning: '/' is not an ordinary > >> file ... > >> ... > >> Searching for t0rn's default files and dirs... nothing found > >> Searching for t0rn's v8 defaults... Possible t0rn v8 \(or variation\) > >> rootkit installed... > > > > Have you properly updated chrootkit? If so, it appears you have a > > rootkit on your system. How old is the installation? > > I think this post [1] might be relevant from the debian mailing list. > > [1] http://lists.debian.org/debian-user/2001/12/msg02253.html I red and supposed to be libproc.a problem I don't have experience with the chkrootkit and it is not clear for me where it found a rootkit: which file, dir... Thanks. .
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901281858.38832.lumiwa>