From: ajtiM
To: Eitan Adler
Cc: Glen Barber, freebsd-questions@freebsd.org
Date: Wed, 28 Jan 2009 18:58:38 -0600
Subject: Re: chkrootkit

On Wednesday 28 January 2009 16:40:51 Eitan Adler wrote:
> Glen Barber wrote:
> > On Wed, Jan 28, 2009 at 5:13 PM, ajtiM wrote:
> >> Hi!
> >>
> >> My system: newly installed FreeBSD 7.1, KDE 3.5.10
> >>
> >> I ran chkrootkit and I got:
> >>
> >> ...
> >> Checking `sshd'... /usr/bin/strings: Warning: '/' is not an ordinary
> >> file ...
> >> ...
> >> Searching for t0rn's default files and dirs... nothing found
> >> Searching for t0rn's v8 defaults... Possible t0rn v8 \(or variation\)
> >> rootkit installed...
> >
> > Have you properly updated chkrootkit? If so, it appears you have a
> > rootkit on your system. How old is the installation?
>
> I think this post [1] might be relevant from the debian mailing list.
>
> [1] http://lists.debian.org/debian-user/2001/12/msg02253.html

I read it, and it is supposed to be a libproc.a problem. I don't have
experience with chkrootkit, and it is not clear to me where it found a
rootkit: which file, dir...

Thanks.