Re: chkrootkit & FBSD-5

From: Eric L Howard (elh@outreachnetworks.com)
Date: 01/28/03


Date: Tue, 28 Jan 2003 12:02:58 -0500
From: Eric L Howard <elh@outreachnetworks.com>
To: freebsd-security@freebsd.org

At a certain time, now past [Tue, Jan 28, 2003 at 03:16:07PM +0000], Sascha Luck spake thusly:
> Hello all,
>
> on my CURRENT boxes, chkrootkit (v0.38) reports the following binaries
> as INFECTED:
>
> chfn
> chsh
> date
> ls
> ps
>
> as well as 7 hidden PIDs.
>
> recompiling/reinstalling the binaries seems to have no effect. I'm
> tempted to regard these as false positives - anyone else notice this
> behaviour?

The release notes seem to indicate that chkrootkit isn't ready for
RELENG_5_0.

       ~elh

-- 
Eric L. Howard           e l h @ o u t r e a c h n e t w o r k s . c o m
------------------------------------------------------------------------
www.OutreachNetworks.com                                    313.297.9900
------------------------------------------------------------------------
JabberID: elh@jabber.org                 Advocate of the Theocratic Rule
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message