Date: Tue, 28 Jan 2003 12:02:58 -0500 From: Eric L Howard <elh@outreachnetworks.com> To: freebsd-security@freebsd.org Subject: Re: chkrootkit & FBSD-5 Message-ID: <20030128170258.GH10966@outreachnetworks.com> In-Reply-To: <200301281516.16413.bofh@online.ie> References: <20030128085617.L167@woody.ops.uunet.co.za> <200301281516.16413.bofh@online.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
At a certain time, now past [Tue, Jan 28, 2003 at 03:16:07PM +0000], Sascha Luck spake thusly:
> Hello all,
>
> on my CURRENT boxes, chkrootkit (v0.38) reports the following binaries
> as INFECTED:
>
> chfn
> chsh
> date
> ls
> ps
>
> as well as 7 hidden PIDs.
>
> recompiling/reinstalling the binaries seems to have no effect. I'm
> tempted to regard these as false positives - anyone else notice this
> behaviour?
The release notes seem to indicate that chkrootkit isn't ready for
RELENG_5_0.
~elh
--
Eric L. Howard e l h @ o u t r e a c h n e t w o r k s . c o m
------------------------------------------------------------------------
www.OutreachNetworks.com 313.297.9900
------------------------------------------------------------------------
JabberID: elh@jabber.org Advocate of the Theocratic Rule
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030128170258.GH10966>