Date: Tue, 28 Jan 2003 12:02:58 -0500 From: Eric L Howard <elh@outreachnetworks.com> To: freebsd-security@freebsd.org Subject: Re: chkrootkit & FBSD-5 Message-ID: <20030128170258.GH10966@outreachnetworks.com> In-Reply-To: <200301281516.16413.bofh@online.ie> References: <20030128085617.L167@woody.ops.uunet.co.za> <200301281516.16413.bofh@online.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
At a certain time, now past [Tue, Jan 28, 2003 at 03:16:07PM +0000], Sascha Luck spake thusly: > Hello all, > > on my CURRENT boxes, chkrootkit (v0.38) reports the following binaries > as INFECTED: > > chfn > chsh > date > ls > ps > > as well as 7 hidden PIDs. > > recompiling/reinstalling the binaries seems to have no effect. I'm > tempted to regard these as false positives - anyone else notice this > behaviour? The release notes seem to indicate that chkrootkit isn't ready for RELENG_5_0. ~elh -- Eric L. Howard e l h @ o u t r e a c h n e t w o r k s . c o m ------------------------------------------------------------------------ www.OutreachNetworks.com 313.297.9900 ------------------------------------------------------------------------ JabberID: elh@jabber.org Advocate of the Theocratic Rule To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030128170258.GH10966>