Date: Fri, 21 May 2004 21:02:54 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: RazorOnFreeBSD <yann.luppo@attglobal.net> Cc: freebsd-security@freebsd.org Subject: Re: Hacked or not ? Message-ID: <20040521200254.GC89897@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <021f01c43f3a$e7eb7f40$0f01a8c0@razor> References: <021f01c43f3a$e7eb7f40$0f01a8c0@razor>
next in thread | previous in thread | raw e-mail | index | archive | help
--jy6Sn24JjFx/iggw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, May 21, 2004 at 03:52:45PM +0200, RazorOnFreeBSD wrote:
> I have a 4.9-STABLE FreeBSD box apparently hacked!
> Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs.=20
> Those are:
> chfn ... INFECTED
> chsh ... INFECTED
> date ... INFECTED
> ls ... INFECTED
> ps ... INFECTED
Sheesh. Not this *again*. This is a false alarm: chkrootkit is
exceedingly sensitive to something about the way such programs work
under FreeBSD and has to be continually futzed so that it knows not to
complain on each successive version of FreeBSD. Comes up in this or
other FreeBSD lists just about every week.
Relax. You're not compromised. You just need better tools.
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
--jy6Sn24JjFx/iggw
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFArmBuiD657aJF7eIRAllGAKCat/LLf51CqfM/KSrItVaIsPyL8ACeKk80
GnyGAmSPI8T38vi1QdUeMhQ=
=CZVJ
-----END PGP SIGNATURE-----
--jy6Sn24JjFx/iggw--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040521200254.GC89897>