From owner-freebsd-security@FreeBSD.ORG Sat May 1 09:36:57 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A030316A4CE for ; Sat, 1 May 2004 09:36:57 -0700 (PDT) Received: from smtp02.syd.iprimus.net.au (smtp02.syd.iprimus.net.au [210.50.76.52]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3384E43D53 for ; Sat, 1 May 2004 09:36:57 -0700 (PDT) (envelope-from wts666@iprimus.com.au) Received: from pionig (203.134.23.96) by smtp02.syd.iprimus.net.au (7.0.024) id 408C4956002AA4DC for freebsd-security@freebsd.org; Sun, 2 May 2004 02:36:55 +1000 Message-ID: <408C4956002AA4DC@> (added by postmaster@iprimus.com.au) From: "Mark Picone" To: Date: Sun, 2 May 2004 02:35:44 +1000 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcQve4MWNfuWtSM4RBKQ2wAobqTKQAAHnI0g X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 In-Reply-To: <20040501125409.GA65876@phobos.osem.com> Subject: RE: chkrootkit and 4.10-prerelease issues? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 May 2004 16:36:57 -0000 Probably because chrootkit doesn't know u builtworld and is still checking whether chfn & chsh are infected against 4.9 MD5 Sums, I would suggest reading the manual and seeing how to fix this or just reinstall it. - Mark -----Original Message----- From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-security@freebsd.org] On Behalf Of andy@lewman.com Sent: Saturday, 1 May 2004 10:54 pm To: freebsd-security@freebsd.org Subject: chkrootkit and 4.10-prerelease issues? Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or later report chfn, chsh, and date as infected? I built world yesterday, and my nightly chkrootkit reports this on run. I've replaced the binaries with their 4.9 equivalents, and things don't report as infected. I upgrade the 4.9 machine to 4.10, and chkrootkit reports them as infected again. Is this similar to the 5.x issues with chkrootkit? -- Andrew _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"