Date: Thu, 11 Sep 2003 12:50:02 +0400 From: Alex Povolotsky <tarkhil@webmail.sub.ru> To: freebsd-security@freebsd.org Subject: Re: chkrotkit 4.1 and FreeBSD 4.5 Message-ID: <20030911125002.5f643aaf.tarkhil@webmail.sub.ru> In-Reply-To: <20030911105744.240e66be.tarkhil@webmail.sub.ru> References: <20030911105744.240e66be.tarkhil@webmail.sub.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 11 Sep 2003 10:57:44 +0400 Alex Povolotsky <tarkhil@webmail.sub.ru> wrote: AP> Hello! AP> AP> I've found that on two FreeBSD 4.5-RELEASE boxes chkrootkit finds: AP> AP> Checking `chfn'... INFECTED AP> Checking `chsh'... INFECTED AP> Checking `date'... INFECTED AP> Checking `ls'... INFECTED AP> Checking `ps'... INFECTED AP> AP> recompiling, say, ls from souces didn't help. False positive or AP> source changed as well? False positive. chkrootkit for some reason I could not understand thinks that 4.5-RELEASE is 5.* -- Alex.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030911125002.5f643aaf.tarkhil>