RE: chkrootkit and 4.10-prerelease issues?

• Previous message: andy_at_lewman.com: "chkrootkit and 4.10-prerelease issues?"
• In reply to: andy_at_lewman.com: "chkrootkit and 4.10-prerelease issues?"
• Next in thread: andy_at_lewman.com: "Re: chkrootkit and 4.10-prerelease issues?"
• Reply: andy_at_lewman.com: "Re: chkrootkit and 4.10-prerelease issues?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <freebsd-security@freebsd.org>
Date: Sun, 2 May 2004 02:35:44 +1000

Probably because chrootkit doesn't know u builtworld and is still checking
whether chfn & chsh are infected against 4.9 MD5 Sums, I would suggest
reading the manual and seeing how to fix this or just reinstall it.

- Mark

-----Original Message-----
From: owner-freebsd-security@freebsd.org
[mailto:owner-freebsd-security@freebsd.org] On Behalf Of andy@lewman.com
Sent: Saturday, 1 May 2004 10:54 pm
To: freebsd-security@freebsd.org
Subject: chkrootkit and 4.10-prerelease issues?

Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or later
report chfn, chsh, and date as infected?

I built world yesterday, and my nightly chkrootkit reports this on run.
I've replaced the binaries with their 4.9 equivalents, and things don't
report as infected. I upgrade the 4.9 machine to 4.10, and chkrootkit
reports them as infected again.

Is this similar to the 5.x issues with chkrootkit?

--
Andrew
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: andy_at_lewman.com: "chkrootkit and 4.10-prerelease issues?"
• In reply to: andy_at_lewman.com: "chkrootkit and 4.10-prerelease issues?"
• Next in thread: andy_at_lewman.com: "Re: chkrootkit and 4.10-prerelease issues?"
• Reply: andy_at_lewman.com: "Re: chkrootkit and 4.10-prerelease issues?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: chkrootkit & FBSD-5 ... chkrootkit reports the following binaries ... > recompiling/reinstalling the binaries seems to have no effect. ... (FreeBSD-Security) Re: chkrootkit & FBSD-5 ... chkrootkit reports the following binaries ... > recompiling/reinstalling the binaries seems to have no effect. ... (FreeBSD-Security) chfn, date, chsh INFECTED according to chkrootkit ... right now chkrootkit is giving alot of false ... binaries, removed /usr/src and did a 'make world' to ... But, chfn, cfsh, and date are stilling showing as ... New and Improved Yahoo! ... (FreeBSD-Security) Re: My machine compromised? ... > After reading on report of servers compromised. ... Just for curiorsity I ... > run chkrootkit on my own machine and come up with this result: ... (Debian-User) Re: chkrootkit-0.34 report ... Subject: chkrootkit-0.34 report ... Well, I've never used chkrootkit, but it has to get this information ... If the rootkit author wasn't very bright, ... The Bill of Rights: 7 out of 10 rights haven't been sold yet! ... (Focus-Linux)