The latest version of chkrootkit marks 3 files as being "INFECTED"; "chfn chsh date" The system is FreeBSD 4.10-BETA #2: Sun Apr 18 00:31:19 PDT 2004 These files are not detected correctly by the chkrootkit program or all my 4.10 boxes have been "owned" or the source has been compromised.
On Wed, May 05, 2004 at 02:54:44AM -0700, jeff wrote:> The latest version of chkrootkit marks 3 files as being "INFECTED"; "chfn > chsh date" > The system is FreeBSD 4.10-BETA #2: Sun Apr 18 00:31:19 PDT 2004 > > These files are not detected correctly by the chkrootkit program or all my > 4.10 boxes have been "owned" or the source has been compromised.This is a known bug in chkrootkit. For one reason or another, it seems to break every time a new version of FreeBSD is released. The problem was discussed recently on the security list[1] and the resolution was that it will be fixed in the next release of chkrootkit. [1] http://marc.theaimsgroup.com/?l=freebsd-security&m=108359366700515&w=2 Tim
Mentioned files has been incorrectly detected for ages, in both 4.x and 5.x I quit feeding my paranoid mind long ago by not using chkrootkit, do the same :) On Wed, 5 May 2004 07:54 pm, jeff wrote:> The latest version of chkrootkit marks 3 files as being "INFECTED"; "chfn > chsh date" > The system is FreeBSD 4.10-BETA #2: Sun Apr 18 00:31:19 PDT 2004 > > These files are not detected correctly by the chkrootkit program or all my > 4.10 boxes have been "owned" or the source has been compromised. > > > > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"