chkrootkit V. 0.47
- From: JP <johnpollock@xxxxxxxxxxxxx>
- Date: Tue, 20 Nov 2007 09:41:52 -0500
Running FreeBSD 6.1.
After changing chkrootkit to the latest version, V. 0.47, compiling it, and then
running it, I get the following:
==================<SNIPPIT>================
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 6667)
Checking `lkm'... You have 131 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found
Checking `sniffer'... vr0 is not promisc
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
==================</SNIPPIT>================
Looking above, the above shows a few anomalies like the bindshell ... INFECTED
(PORTS: 6667)
--and--
Checking `lkm'... You have 131 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
I do run an IRCd, and also a YaBB message board along with the Apache web server -
would the above then be normal output, and what about the lkm? Many thanks to
those with more experience in this area.
JP
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"