Re: chkrootkit reports INFECTED :(

From: Joe Warner (rootman22_at_comcast.net)
Date: 08/15/03

    To: "Mikhail E. Zakharov" <zakharov@ipb.redline.ru>, <freebsd-security@freebsd.org>
    Date: Fri, 15 Aug 2003 05:16:20 -0600
    
    

    On Thursday 14 August 2003 11:58 pm, Mikhail E. Zakharov wrote:
    > Hi!
    > Running chkrootkit on newly installed FreeBSD 5.0 got:
    >
    > -cut-
    > Checking `basename'... not infected
    > Checking `biff'... not infected
    > Checking `chfn'... INFECTED
    > Checking `chsh'... INFECTED
    > Checking `cron'... not infected
    > Checking `date'... INFECTED
    > -cut-
    > Checking `ls'... INFECTED
    > -cut-
    > Checking `ps'... INFECTED
    > Checking `pstree'... not found
    > -cut-
    >
    > What does it mean? Is my system really hacked?

    No, that happened to me too on one of my FreeBSD 5.1 -RELEASE
    systems so I sent an email to Nelson Murilo <nelson@pangeia.com.br>
    and he responded saying the current version of chkrootkit doesn't work
    on systems running FreeBSD 5.x yet.

    From http://www.chkrootkit.org:

    chkrootkit has been tested on: Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x,
    3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0, 3.1 3.2 and 3.3, NetBSD 1.5.2,
    Solaris 2.5.1, 2.6 and 8.0, HP-UX 11 and True64.

    Regards,

    Joe

    > _______________________________________________
    > freebsd-security@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
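
An added example, not part of the original message and not chkrootkit's own code: a triage helper that parses a report like the one quoted above and checks the reporting platform against the tested list quoted from chkrootkit.org before treating INFECTED lines as findings. The function names, the verdict labels and the `uname`-style inputs are assumptions, and only the Linux and BSD entries of the list are encoded.

```python
import fnmatch
import re

# Tested releases as quoted in the message from chkrootkit.org (Linux/BSD entries only).
TESTED = {
    "Linux": ["2.0.*", "2.2.*", "2.4.*"],
    "FreeBSD": ["2.2.*", "3.*", "4.*"],
    "OpenBSD": ["2.6", "2.7", "2.8", "2.9", "3.0", "3.1", "3.2", "3.3"],
    "NetBSD": ["1.5.2"],
}

# Matches report lines such as: Checking `ls'... INFECTED
LINE = re.compile(r"Checking `([^']+)'\.\.\.\s*(.*\S)")

# Excerpt of the chkrootkit output quoted in the original question.
SAMPLE = """\
Checking `basename'... not infected
Checking `biff'... not infected
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `cron'... not infected
Checking `date'... INFECTED
Checking `ls'... INFECTED
Checking `ps'... INFECTED
Checking `pstree'... not found
"""

def parse_report(text):
    """Return {test name: status} for each 'Checking' line; '>' quoting is tolerated."""
    return {m.group(1): m.group(2) for m in map(LINE.search, text.splitlines()) if m}

def platform_tested(sysname, release):
    """True if the `uname -s` / `uname -r` values fall inside the tested list."""
    version = release.split("-")[0]  # "5.0-RELEASE" -> "5.0"
    return any(fnmatch.fnmatchcase(version, p) for p in TESTED.get(sysname, []))

def triage(text, sysname, release):
    """Return (flagged tests, verdict) for a report produced on the given platform."""
    flagged = [n for n, s in parse_report(text).items() if s.startswith("INFECTED")]
    if not platform_tested(sysname, release):
        # Untested platform: hits and clean results are both unreliable.
        return flagged, "unreliable"
    return flagged, "investigate" if flagged else "no-hits"

if __name__ == "__main__":
    print(triage(SAMPLE, "FreeBSD", "5.0-RELEASE"))
```

An "unreliable" verdict means the report proves nothing in either direction, so the flagged binaries still need checking by independent means, such as comparing checksums against known-good install media.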