From owner-freebsd-questions@FreeBSD.ORG Wed Jan 28 22:30:56 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 79EDA1065689 for ; Wed, 28 Jan 2009 22:30:56 +0000 (UTC) (envelope-from glen.j.barber@gmail.com) Received: from mail-ew0-f21.google.com (mail-ew0-f21.google.com [209.85.219.21]) by mx1.freebsd.org (Postfix) with ESMTP id 0D36A8FC13 for ; Wed, 28 Jan 2009 22:30:55 +0000 (UTC) (envelope-from glen.j.barber@gmail.com) Received: by ewy14 with SMTP id 14so4894207ewy.19 for ; Wed, 28 Jan 2009 14:30:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=Zdme26L1WmFP7Wr06b+hJM6WgK05ZPqOQp4xcoHSYjY=; b=NJpczwPKdU1Z6zDktc+Z3HQbFeLTyTLsTzi3jIMbujR5gtMxt1gjwtYUUSoLKxKHpo FOUJxgir2GOo1tBiTpE79apxz+1kGQetSm4CSjGIOROpnLZ8pyujRdeLwQl/XPTwH1fJ teyHOqh7n7kKV4Huvb8xHRhDaRkfECitOzU7o= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=n8X178pU022Thsd4sw5BkrV6TTfLBS6pYbYqyNmXk2tevd41HIPog99U68UxYNQZF4 eCy5VPjlKWs4JTxxlyxcFfFiirGl8BnyGkIq75dc9b6tzyg2Wn1EVzMIgVNbr/Nkt4Z8 INXzv4hQ8xeGjxSbfL/YVo8yHKl8+3XChEAdA= MIME-Version: 1.0 Received: by 10.223.107.20 with SMTP id z20mr570579fao.28.1233181854779; Wed, 28 Jan 2009 14:30:54 -0800 (PST) In-Reply-To: <200901281613.43066.lumiwa@gmail.com> References: <200901281613.43066.lumiwa@gmail.com> Date: Wed, 28 Jan 2009 17:30:54 -0500 Message-ID: <4ad871310901281430t5fb4f3c7racfc2dc1e1a90350@mail.gmail.com> From: Glen Barber To: ajtiM Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: chkrootkit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 28 Jan 2009 22:30:56 -0000 On Wed, Jan 28, 2009 at 5:13 PM, ajtiM wrote: > Hi! > > My system: new installed FreeBSD 7.1, KDE 3.5.10 > > I ran chkrootkit and I got: > > ... > Checking `sshd'... /usr/bin/strings: Warning: '/' is not an ordinary file > ... > ... > Searching for t0rn's default files and dirs... nothing found > Searching for t0rn's v8 defaults... Possible t0rn v8 \(or variation\) rootkit > installed... > Have you properly updated chrootkit? If so, it appears you have a rootkit on your system. How old is the installation? -- Glen Barber