From: "RazorOnFreeBSD"
Date: Fri, 21 May 2004 16:33:01 +0200
Subject: Re: Hacked or not ?
List-Id: Security issues [members-only posting]

Yes.... if you have any recommendation on something else?
I'm currently moving from chkrootkit 0.41 to 0.43, maybe it will help!
I'll send the response for the next people with this problem.... 'cause I don't want to be annoying, but after simple searches I didn't find an accurate solution or the right information for 4.x boxes!
For sure I didn't type in the right words if this post pops up every week, but I'm a newbie and future newbies will have the same problem and probably type the same key words.... and probably add another post on the same subject!
Here I and they need a response to stop polluting the mailing list! Don't you think?

PS: This was just sort of a notice, nothing aggressive or whatever else you wouldn't like!
I love everybody and everything on this planet, even cows.... (can I except terrorist people? Those are shit!)

Sorry for polluting.

razor's trying chkrootkit 0.43.

----- Original Message -----
From: "Tom Rhodes"
To: "Matthew Seaman"
Cc: "RazorOnFreeBSD"
Sent: Friday, May 21, 2004 10:11 PM
Subject: Re: Hacked or not ?

> On Fri, 21 May 2004 21:02:54 +0100
> Matthew Seaman wrote:
>
> > On Fri, May 21, 2004 at 03:52:45PM +0200, RazorOnFreeBSD wrote:
> >
> > > I have a 4.9-STABLE FreeBSD box apparently hacked!
> > > Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs.
> > > Those are:
> > > chfn ... INFECTED
> > > chsh ... INFECTED
> > > date ... INFECTED
> > > ls ... INFECTED
> > > ps ... INFECTED
> >
> > Sheesh. Not this *again*. This is a false alarm: chkrootkit is
> > exceedingly sensitive to something about the way such programs work
> > under FreeBSD and has to be continually futzed so that it knows not to
> > complain on each successive version of FreeBSD. Comes up in this or
> > other FreeBSD lists just about every week.
> >
> > Relax. You're not compromised. You just need better tools.
> >
>
> I love the "just need better tools." without any recommendation
> for him.
>
> --
> Tom Rhodes
>