On Thursday 14 August 2003 11:58 pm, Mikhail E. Zakharov
wrote:> Hi!
> Running chkrootkit on newly installed FreeBSD 5.0 got:
>
> -cut-
> Checking `basename'... not infected
> Checking `biff'... not infected
> Checking `chfn'... INFECTED
> Checking `chsh'... INFECTED
> Checking `cron'... not infected
> Checking `date'... INFECTED
> -cut-
> Checking `ls'... INFECTED
> -cut-
> Checking `ps'... INFECTED
> Checking `pstree'... not found
> -cut-
>
> What does it mean? Is my system really hacked?
No, that happened to me too on one of my FreeBSD 5.1 -RELEASE
systems so I sent an email to Nelson Murilo <nelson@pangeia.com.br>
and he responded saying the current version of chkrootkit doesn't work
on systems running FreeBSD 5.x yet.
From http://www.chkrootkit.org:
chkrootkit has been tested on: Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x,
3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0, 3.1 3.2 and 3.3, NetBSD 1.5.2,
Solaris 2.5.1, 2.6 and 8.0, HP-UX 11 and True64.
Regards,
Joe
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
"freebsd-security-unsubscribe@freebsd.org"