From owner-freebsd-questions Thu Feb 20 19:20:30 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 588E237B401
	for ; Thu, 20 Feb 2003 19:20:29 -0800 (PST)
Received: from tomts8-srv.bellnexxia.net (tomts8.bellnexxia.net [209.226.175.52])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 627EA43FB1
	for ; Thu, 20 Feb 2003 19:20:28 -0800 (PST)
	(envelope-from matt@gsicomp.on.ca)
Received: from gabby.gsicomp.on.ca ([65.95.176.5])
	by tomts8-srv.bellnexxia.net
	(InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
	id <20030221032027.WDVR19204.tomts8-srv.bellnexxia.net@gabby.gsicomp.on.ca>;
	Thu, 20 Feb 2003 22:20:27 -0500
Received: from hermes (memmerto@hermes.gsicomp.on.ca [192.168.0.18])
	by gabby.gsicomp.on.ca (8.12.6/8.12.6) with SMTP id h1L3HMjC033610;
	Thu, 20 Feb 2003 22:17:22 -0500 (EST)
	(envelope-from matt@gsicomp.on.ca)
Message-ID: <003401c2d958$1a8c31a0$1200a8c0@gsicomp.on.ca>
From: "Matthew Emmerton"
To: "Silent Secrets" ,
References: <20030221030548.74409.qmail@web41114.mail.yahoo.com>
Subject: Re: Root Kits?
Date: Thu, 20 Feb 2003 22:19:53 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> We've done a fresh installation of FreeBSD 5.0 on our
> system, downloaded a root kit checker from
> www.chkrootkit.com & found that a few things were
> infected. The files include chfn, chsh, date, ls, and
> ps. We made sure the system was completely isolated by
> installing from the cd's & burning the root kit checker
> to cd & installing it from there.
>
> If you could let me know if this is an error on the root
> kit checker or something else is causing it to look
> infected, that'd be great.

It doesn't support FreeBSD 5.0 yet.

From http://www.chkrootkit.com/:

chkrootkit has been tested on: Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x,
3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0, 3.1 and 3.2, NetBSD 1.5.2 and
Solaris 2.5.1, 2.6 and 8.0.

--
Matt Emmerton