similar to: chkrootkit 0.46 reboots FreeBSD 5.4-RELEASE-p8

Running freeBSD 6.1 After changing chkrootkit to the latest version V. 0.47 and compiling it then running it I get the following: ==================<SNIPPIT>================ Searching for anomalies in shell history files... nothing found Checking `asp'... not infected Checking `bindshell'... INFECTED (PORTS: 6667) Checking `lkm'... You have 131 process hidden for readdir

How can I be sure if it is LKM or not? Today I've run chkrootkit and it gave me: Checking `lkm'... You have 179 process hidden for readdir command You have 179 process hidden for ps command chkproc: Warning: Possible LKM Trojan installed Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp ! ! RUID PID TTY CMD ! root

Hey all, I've submitted a fix for chkrootkit port, to solve the false positives on FreeBSD 5 and higher: http://www.freebsd.org/cgi/query-pr.cgi?pr=55919 The topic, btw, should be "Teach security/chkrootkit about FreeBSD 5", but it's not my first typo today. Maintainer, please approve. Authors, please see if you can include the changes. I also fixed a minor bug in chk_vdir.

Good morning all; Whils't running chkrootkit 0.42 on one of my 4.7-REL boxen it reported : <snip> Checking 'biff'...not infected ]: not found [: -ne: argument expected Checking 'chfn'...not infected ]: not found [: -ne: argument expected <snip> I've been unable to locate any information ref. the " ]: not found " and " [: -ne: argument

Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or later report chfn, chsh, and date as infected? I built world yesterday, and my nightly chkrootkit reports this on run. I've replaced the binaries with their 4.9 equivalents, and things don't report as infected. I upgrade the 4.9 machine to 4.10, and chkrootkit reports them as infected again. Is this similar to the

I ran chkrootkit ( v. chkrootkit-0.43 ) earlier and noticed that chfn, date, and chsh showed as being infected. I remember reading post from the past that right now chkrootkit is giving alot of false positives, so I suspected that these 3 binaries are not bad. However, to be on the safe side, I deleted the 3 binaries, removed /usr/src and did a 'make world' to 4.10-STABLE. But, chfn,

Hi! Running chkrootkit on newly installed FreeBSD 5.0 got: -cut- Checking `basename'... not infected Checking `biff'... not infected Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `cron'... not infected Checking `date'... INFECTED -cut- Checking `ls'... INFECTED -cut- Checking `ps'... INFECTED Checking `pstree'... not found -cut- What does it

Hello, last night, my chkrootkit crontab returned an alarm message : > Checking `lkm'... You have 1 process hidden for readdir command > You have 2 process hidden for ps command > Warning: Possible LKM Trojan installed Some research on google make me think it's probably a false positive. I tried few things : re-launching chkrootkit : "Checking `lkm'...

Hi, I have a 4.9-STABLE FreeBSD box apparently hacked! Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs. Those are: chfn ... INFECTED chsh ... INFECTED date ... INFECTED ls ... INFECTED ps ... INFECTED But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED. I know by the FreeBSD-Security archives that

Hello , I have installed the 1.9.18p8 release on my HP9000 ( HP-UX 10.20 ) . I use the same smb.conf than with the p2 release . I have now a problem with the Windows 3.11 clients : In the subdirectories of each share, I can't display the " .. " root directory . Is it a known bug or just an error in my smb.conf ? Thanks for your help. JF

https://bugzilla.mindrot.org/show_bug.cgi?id=2263 Bug ID: 2263 Summary: sshd privsep monitor process doesn't handle SIGXFSZ signal Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd

I have a linux system running Samba 1.9.18p7-2 smoothly right now, with perhaps 600 users. I have an NT box with 2 users, for a dedicated application, which is a PDC right now. I have ~300 Win95 client machines that I want to have do a domain login, authenticating off the samba box (running RedHat 5.1, btw) so that I don't have to replicate users onto the NT box when all they really need to

Hi, I am wondering if anyone can help me with a problem I am having when compiling samba. When I issue the "make" command the compilation of the binaries aborts with the following message. "replace.c", line 195: error: identifier redeclared: initgroups *** Error code 1 (bu21) If I comment out the section of code in "replace.c" that declares initgroups and

Hello, I ask this question last week but I got no response : I have installed the 1.9.18p8 release on my HP9000 ( HP-UX 10.20 ). I use the same smb.conf than with the p2 release . I have now a problem with the Windows 3.11 clients : In the subdirectories of each share, I can't display the " .. " root directory ( but it works ). Is it a bug

Below is a cut and past from my log files that are sent to me. This is from the last day that proftpd worked correctly. I'm not sure why proftpd was restarted as the log states: ################### LogWatch 5.2.2 (06/23/04) #################### Processing Initiated: Sun Feb 19 09:02:02 2006 Date Range Processed: yesterday Detail Level of Output: 0 Logfiles

Good evening, I was finish the FreeBSD4.9 installation from CD, and only do some edit with the /etc/rc.firewall, /etc/rc.conf, /boot/defaults/loader.conf, and recompiling the kernel to support my ext2 backup harddisk, with sndcard support too. This's a old laptop (ibm380z), i have chkrootkit warning after all finished, i attached my uname -a, dmesg, pkg_info and chkrootkit result, please

-----Original Message----- From: Jim Shaffer Sent: Friday, March 28, 2003 10:41 AM To: 'Ricardo Cordeiro' Subject: RE: [Samba] who to copy a registry file between users? I think the only way to accomplish this correctly is to copy the user profile to the Default User profile. Then, delete all of the profiles on each machine and on the servers and have them rebuilt when the users log

My machine got hacked a few days ago through the samba bug. I reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM but still... Can anyone please advise ? bash-2.05b# chkrootkit | grep INFECTED Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `date'... INFECTED Checking `ls'... INFECTED Checking `ps'... INFECTED -- Jay -------------- next

On 25 Aug 2010, at 02:04, Silvio Ricardo Cordeiro wrote: > On Sun, Aug 15, 2010 at 10:04 PM, Jakob Stoklund Olesen <stoklund at 2pi.dk> wrote: > > On Aug 15, 2010, at 5:12 PM, Silvio Ricardo Cordeiro wrote: > > > Is there a way for me to collect statistics about the number of loads/stores added by the "linearscan" register allocator (just like can be done with

On Sun, Aug 15, 2010 at 10:04 PM, Jakob Stoklund Olesen <stoklund at 2pi.dk>wrote: > > On Aug 15, 2010, at 5:12 PM, Silvio Ricardo Cordeiro wrote: > > > Is there a way for me to collect statistics about the number of > loads/stores added by the "linearscan" register allocator (just like can be > done with the "local" allocator)? I still haven't