From owner-freebsd-security@FreeBSD.ORG Sat May 1 17:11:23 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1192016A4CE for ; Sat, 1 May 2004 17:11:23 -0700 (PDT) Received: from phobos.osem.com (phobos.osem.com [66.92.67.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id ABB9343D39 for ; Sat, 1 May 2004 17:11:22 -0700 (PDT) (envelope-from andy@lewman.com) Received: by phobos.osem.com (Postfix, from userid 1001) id 00566190; Sat, 1 May 2004 20:11:18 -0400 (EDT) Date: Sat, 1 May 2004 20:11:18 -0400 From: andy@lewman.com To: freebsd-security@freebsd.org Message-ID: <20040502001118.GA15191@phobos.osem.com> References: <20040501125409.GA65876@phobos.osem.com> <408C4956002AA4DC@> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <408C4956002AA4DC@> User-Agent: Mutt/1.4.2.1i X-phase_of_moon: The Moon is Waxing Gibbous (90% of Full) Subject: Re: chkrootkit and 4.10-prerelease issues? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 May 2004 00:11:23 -0000 Update: I've received a number of replies stating others have the same problem. I've also received a number of replies basically telling me "reinstall noob". Obviously, I've reinstalled the port. A fresh 4.10-PR as cvsup'd " FreeBSD 4.10-PRERELEASE #0: Sat May 1 09:32:14 EDT 2004" has the same problem. Unless the cvs source is trojaned, I'm leaving this as a false positive; just like 5.x shows. -Andrew On Sun, May 02, 2004 at 02:35:44AM +1000, wts666@iprimus.com.au wrote 1.3K bytes in 35 lines about: : Probably because chrootkit doesn't know u builtworld and is still checking : whether chfn & chsh are infected against 4.9 MD5 Sums, I would suggest : reading the manual and seeing how to fix this or just reinstall it. : : - Mark : : -----Original Message----- : From: owner-freebsd-security@freebsd.org : [mailto:owner-freebsd-security@freebsd.org] On Behalf Of andy@lewman.com : Sent: Saturday, 1 May 2004 10:54 pm : To: freebsd-security@freebsd.org : Subject: chkrootkit and 4.10-prerelease issues? : : Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or later : report chfn, chsh, and date as infected? : : I built world yesterday, and my nightly chkrootkit reports this on run. : I've replaced the binaries with their 4.9 equivalents, and things don't : report as infected. I upgrade the 4.9 machine to 4.10, and chkrootkit : reports them as infected again. : : Is this similar to the 5.x issues with chkrootkit? : : -- : Andrew : _______________________________________________ : freebsd-security@freebsd.org mailing list : http://lists.freebsd.org/mailman/listinfo/freebsd-security : To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" : : : _______________________________________________ : freebsd-security@freebsd.org mailing list : http://lists.freebsd.org/mailman/listinfo/freebsd-security : To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- | Andrew | e-mail | web | gpg/pgp keyid | | | andy@lewman.com | www.lewman.com | AC671F9B | "There is no reason for any individual to have a computer in their home." -- Ken Olsen, President of DEC, World Future Society Convention, 1977