Date: Thu, 08 Apr 2004 02:58:04 +0200 From: Artur Pydo <artur@pydo.org> To: cordeiro@nic.br Cc: ports@FreeBSD.org Subject: [Fwd: New FreeBSD release breaks version detection in chkrootkit.] Message-ID: <4074A39C.7040804@pydo.org>
next in thread | raw e-mail | index | archive | help
Hello,
I sent a message to authors of chkrootkit earlier today
because the FreeBSD version detection is broken with the release
of 4.10 and chkrootkit display false positives with 'chfn',
'chsh' and 'date'.
-------- Original Message --------
Subject: New FreeBSD release breaks version detection in chkrootkit.
Date: Thu, 08 Apr 2004 02:48:54 +0200
From: Artur Pydo <artur@pydo.org>
To: nelson@pangeia.com.br
CC: jessen@nic.br
Hello,
FreeBSD released 4.10 Beta today and this version
number breaks your version detection in chkrootkit
shell script.
Example :
VERSION=`${uname} -r` <= returns 4.10-BETA
if [ "${SYSTEM}" != "FreeBSD" -a ${SYSTEM} != "OpenBSD" ] ; then
V=44
else
V=`echo $VERSION | cut -d- -f 1 | ${sed} 's/\.//g'` <= returns 410
fi
While detecting FreeBSD 5.0 you look for value greater than 50
and it fails with the current release as its value is 410.
The result of this are false positive on :
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `date'... INFECTED
--
Best regards,
Artur Pydo.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4074A39C.7040804>