Message-ID: <4980DEF3.3010504@gmail.com>
Date: Wed, 28 Jan 2009 17:40:51 -0500
From: Eitan Adler
To: Glen Barber
Cc: ajtiM, freebsd-questions@freebsd.org
Subject: Re: chkrootkit

Glen Barber wrote:
> On Wed, Jan 28, 2009 at 5:13 PM, ajtiM wrote:
>> Hi!
>>
>> My system: newly installed FreeBSD 7.1, KDE 3.5.10
>>
>> I ran chkrootkit and I got:
>>
>> ...
>> Checking `sshd'... /usr/bin/strings: Warning: '/' is not an ordinary file
>> ...
>> ...
>> Searching for t0rn's default files and dirs... nothing found
>> Searching for t0rn's v8 defaults... Possible t0rn v8 \(or variation\) rootkit
>> installed...
>>
>
> Have you properly updated chkrootkit? If so, it appears you have a
> rootkit on your system. How old is the installation?
>

I think this post [1] might be relevant from the debian mailing list.

[1] http://lists.debian.org/debian-user/2001/12/msg02253.html

--
Eitan Adler
"Security is increased by designing for the way humans actually behave." -Jakob Nielsen