Date: Wed, 14 Apr 2004 23:43:53 +0200
From: Martin Hudec <corwin@aeternal.net>
To: freebsd-questions@freebsd.org
Subject: Re: False positives from chkrootkit? or hacked test server?
Message-ID: <20040414214353.GC96246@pleiades.aeternal.net>
In-Reply-To: <407DA906.4070209@pacbell.net>
References: <407D910F.8050507@pacbell.net> <38D85174-8E4F-11D8-986A-000502716489@epix.net> <407DA906.4070209@pacbell.net>

Hello all,

On Wed, Apr 14, 2004 at 02:11:34PM -0700 or thereabouts, Mike wrote:
> Jeff Maxwell wrote:
>
> >upgrade your ports. The chkrootkit that ships with 4.9 gives false
> >positives
>
> I'm using chkrootkit from fresh ports update (v4.3).

Results are as follows:

System 1 on 4.9-STABLE: nothing found
System 2 on 4.10-BETA: chfn, chsh, date infected
System 3 on 5.2.1-RELEASE-p4: date infected, stops (freezes) at checking 'lkm'

strace shows:
wait4(-1, Process 610 attached - interrupt to quit

Systems are behind two firewalls, with only ssh allowed (5.x) or ftp, ssh, smtp, www, pop3 and https allowed (4.x).

--
Martin Hudec | corwin at aeternal.net | corwin at web.markiza.sk
http://www.aeternal.net | cell +421 907 303 393