Date: Fri, 15 Aug 2003 05:16:20 -0600 From: Joe Warner <rootman22@comcast.net> To: "Mikhail E. Zakharov" <zakharov@ipb.redline.ru>, <freebsd-security@freebsd.org> Subject: Re: chkrootkit reports INFECTED :( Message-ID: <200308150516.20309.rootman22@comcast.net> In-Reply-To: <012901c362f2$3108e4e0$620ce8c0@tv.interprom.msk.su> References: <012901c362f2$3108e4e0$620ce8c0@tv.interprom.msk.su>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 14 August 2003 11:58 pm, Mikhail E. Zakharov wrote: > Hi! > Running chkrootkit on newly installed FreeBSD 5.0 got: > > -cut- > Checking `basename'... not infected > Checking `biff'... not infected > Checking `chfn'... INFECTED > Checking `chsh'... INFECTED > Checking `cron'... not infected > Checking `date'... INFECTED > -cut- > Checking `ls'... INFECTED > -cut- > Checking `ps'... INFECTED > Checking `pstree'... not found > -cut- > > What does it mean? Is my system really hacked? No, that happened to me too on one of my FreeBSD 5.1 -RELEASE systems so I sent an email to Nelson Murilo <nelson@pangeia.com.br> and he responded saying the current version of chkrootkit doesn't work on systems running FreeBSD 5.x yet. =46rom http://www.chkrootkit.org: chkrootkit has been tested on: Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x,= =20 3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0, 3.1 3.2 and 3.3, NetBSD 1.5.2= ,=20 Solaris 2.5.1, 2.6 and 8.0, HP-UX 11 and True64. Regards, Joe > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200308150516.20309.rootman22>