From owner-freebsd-security@FreeBSD.ORG Fri Aug 15 04:15:57 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0C53D37B408 for ; Fri, 15 Aug 2003 04:15:55 -0700 (PDT) Received: from sccrmhc12.comcast.net (sccrmhc12.comcast.net [204.127.202.56]) by mx1.FreeBSD.org (Postfix) with ESMTP id E626443FDF for ; Fri, 15 Aug 2003 04:15:53 -0700 (PDT) (envelope-from rootman22@comcast.net) Received: from 12-209-185-111.client.attbi.com ([12.209.185.111]) by comcast.net (sccrmhc12) with SMTP id <200308151115520120032g2ee>; Fri, 15 Aug 2003 11:15:53 +0000 From: Joe Warner To: "Mikhail E. Zakharov" , Date: Fri, 15 Aug 2003 05:16:20 -0600 User-Agent: KMail/1.5.2 References: <012901c362f2$3108e4e0$620ce8c0@tv.interprom.msk.su> In-Reply-To: <012901c362f2$3108e4e0$620ce8c0@tv.interprom.msk.su> MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200308150516.20309.rootman22@comcast.net> Subject: Re: chkrootkit reports INFECTED :( X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Aug 2003 11:15:57 -0000 On Thursday 14 August 2003 11:58 pm, Mikhail E. Zakharov wrote: > Hi! > Running chkrootkit on newly installed FreeBSD 5.0 got: > > -cut- > Checking `basename'... not infected > Checking `biff'... not infected > Checking `chfn'... INFECTED > Checking `chsh'... INFECTED > Checking `cron'... not infected > Checking `date'... INFECTED > -cut- > Checking `ls'... INFECTED > -cut- > Checking `ps'... INFECTED > Checking `pstree'... not found > -cut- > > What does it mean? Is my system really hacked? No, that happened to me too on one of my FreeBSD 5.1 -RELEASE systems so I sent an email to Nelson Murilo and he responded saying the current version of chkrootkit doesn't work on systems running FreeBSD 5.x yet. =46rom http://www.chkrootkit.org: chkrootkit has been tested on: Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x,= =20 3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0, 3.1 3.2 and 3.3, NetBSD 1.5.2= ,=20 Solaris 2.5.1, 2.6 and 8.0, HP-UX 11 and True64. Regards, Joe > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g"