Displaying 20 results from an estimated 10000 matches similar to: "No subject"
2004 Aug 18
4
chfn, date, chsh INFECTED according to chkrootkit
I ran chkrootkit ( v. chkrootkit-0.43 ) earlier and
noticed that chfn, date, and chsh showed as being
infected. I remember reading post from the past that
right now chkrootkit is giving alot of false
positives, so I suspected that these 3 binaries are
not bad.
However, to be on the safe side, I deleted the 3
binaries, removed /usr/src and did a 'make world' to
4.10-STABLE.
But, chfn,
2004 May 01
3
chkrootkit and 4.10-prerelease issues?
Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or
later report chfn, chsh, and date as infected?
I built world yesterday, and my nightly chkrootkit reports this on run.
I've replaced the binaries with their 4.9 equivalents, and things don't
report as infected. I upgrade the 4.9 machine to 4.10, and chkrootkit
reports them as infected again.
Is this similar to the
2003 Aug 24
2
[solution] chkrootkit reports infected files
Hey all,
I've submitted a fix for chkrootkit port, to solve the
false positives on FreeBSD 5 and higher:
http://www.freebsd.org/cgi/query-pr.cgi?pr=55919
The topic, btw, should be "Teach security/chkrootkit
about FreeBSD 5", but it's not my first typo today.
Maintainer, please approve.
Authors, please see if you can include the changes.
I also fixed a minor bug in chk_vdir.
2014 Nov 22
1
Migrate Separator and prefix
Hi,
I'm thinking of changing the separator form "." to "/" and also to allow
only folders under INBOX, changing the Prefix.
I have to dovecot-servers, which are synched by the replication plugin.
My idea is to switch off Server B, make the necessary config-changes,
delete all user maildirs, restart the server an let replication do it's
work. After that (and
2009 Jul 02
4
shadow OOS and fast path are incompatible
We recently observed a problem with Solaris HVM domains. The bug was
seen was seen with a higher number of VCPUs (3 or more), and always had
the same pattern: some memory was allocated in the guest, but the first
reference caused it to crash with a fatal pagefault. However, on
inspection of the page tables, the guests'' view of the pagetables was
consistent: the page was present.
2017 Nov 06
1
How to detect botnet user on the server ?
Another alternative is to use a FIMS/HIDS such as Aide (Advanced Intrusion Detection Environment), OSSEC or Samhain. Be prepared to learn a lot about what your OS normally does behind the scenes (and thus a fair amount of initial fine tuning to exclude those things). Aide seems to work well (I've seen only one odd result) and is quite granular. However, it is local system based rather than
2006 Feb 21
1
OT Proftpd Continued
Below is a cut and past from my log files that are sent to me. This is
from the last day that proftpd worked correctly. I'm not sure why
proftpd was restarted as the log states:
################### LogWatch 5.2.2 (06/23/04) ####################
Processing Initiated: Sun Feb 19 09:02:02 2006
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles
2007 Nov 20
2
chkrootkit V. 0.47
Running freeBSD 6.1
After changing chkrootkit to the latest version V. 0.47 and compiling it then
running it I get the following:
==================<SNIPPIT>================
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 6667)
Checking `lkm'... You have 131 process hidden for readdir
2005 Oct 28
0
chkrootkit 0.46 reboots FreeBSD 5.4-RELEASE-p8
Hello,
Please, don't use chkrootkit 0.46 on production machines.
The "chkproc" process sends a SIGXFSZ (25) signal to init,
that interprets this signal as a "disaster" and reboots
after a 30s sleep.
I'm contacting the chkrootkit maintainer to fix this
problem.
Sorry,
Cordeiro
2003 Nov 12
1
really clean install?
Good evening, I was finish the FreeBSD4.9 installation from CD, and only do some edit with the /etc/rc.firewall, /etc/rc.conf, /boot/defaults/loader.conf, and recompiling the kernel to support my ext2 backup harddisk, with sndcard support too.
This's a old laptop (ibm380z), i have chkrootkit warning after all finished, i attached my uname -a, dmesg, pkg_info and chkrootkit result, please
2003 Apr 13
1
chfn, chsh, ls, ps - INFECTED
My machine got hacked a few days ago through the samba bug. I
reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM
but still...
Can anyone please advise ?
bash-2.05b# chkrootkit | grep INFECTED
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `date'... INFECTED
Checking `ls'... INFECTED
Checking `ps'... INFECTED
--
Jay
-------------- next
2008 Aug 06
2
FreeBSD 6.3/amd64: cvsup: Bus error (core dumped)
Hello.
Dont know is this list right for this topic, but dont know witch one is.
So
I got 6.3-STABLE-200807-amd64-disc1.iso
I have installed it
cd /usr/ports/net/cvsup-without-gui/
make install
make clean
#cvsup some-stable-sup-file
Connected to cvsup.xxxxxx.ru
Bus error (core dumped)
I cant get fresh src and ports trees and cant compile fresh 6.X-stable
system with athlon64 optimization. :(
2004 May 21
12
Hacked or not ?
Hi,
I have a 4.9-STABLE FreeBSD box apparently hacked!
Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs.
Those are:
chfn ... INFECTED
chsh ... INFECTED
date ... INFECTED
ls ... INFECTED
ps ... INFECTED
But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED.
I know by the FreeBSD-Security archives that
2009 Dec 18
3
Security advice, please
I run chkrootkit daily. For the first time I've got reports of a problem -
Checking `bindshell'... INFECTED (PORTS: 1008)
The page http://fatpenguinblog.com/scott-rippee/checking-bindshell-infected-
ports-1008/ suggests that this might be a false positive, so I ran 'netstat -
tanup' but unlike the report, it wasn't famd on the port. It was
tcp 0 0 0.0.0.0:1008
2019 Jan 31
0
C7, mdadm issues
> Il 30/01/19 16:49, Simon Matter ha scritto:
>>> On 01/30/19 03:45, Alessandro Baggi wrote:
>>>> Il 29/01/19 20:42, mark ha scritto:
>>>>> Alessandro Baggi wrote:
>>>>>> Il 29/01/19 18:47, mark ha scritto:
>>>>>>> Alessandro Baggi wrote:
>>>>>>>> Il 29/01/19 15:03, mark ha scritto:
2005 May 12
1
Do I have an infected init file?
Hello;
I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 & 0.45 report that my /sbin/init file is infected.
It appears as though the egrep for "UPX" in the output of "strings" triggers the infected notice. When I copy the init file from an uninfected box to this one chkrootkit continues to report it as infected. Is chkrootkit reading a copy of the
2003 Aug 24
2
weird problem with chkrootkit and checksums
Hello,
last night, my chkrootkit crontab returned an alarm message :
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 2 process hidden for ps command
> Warning: Possible LKM Trojan installed
Some research on google make me think it's probably a false positive. I
tried few things :
re-launching chkrootkit : "Checking `lkm'...
2019 Jan 30
0
C7, mdadm issues
Il 29/01/19 20:42, mark ha scritto:
> Alessandro Baggi wrote:
>> Il 29/01/19 18:47, mark ha scritto:
>>> Alessandro Baggi wrote:
>>>> Il 29/01/19 15:03, mark ha scritto:
>>>>
>>>>> I've no idea what happened, but the box I was working on last week
>>>>> has a *second* bad drive. Actually, I'm starting to wonder about
2003 Apr 07
1
make buildworld: inconsistent operator for ftp
AFTER "make buildworld" I GET THIS ERROR:
===> usr.bin
"/usr/src/share/mk/bsd.subdir.mk", line 60: Inconsistent operator for
ftp
make: fatal errors encountered -- cannot continue
*** Error code 1
Stop in /usr/src.
*** Error code 1
Stop in /usr/src.
*** Error code 1
Stop in /usr/src.
SO HOW TO FIX THIS
Robert
''***********************************
2003 May 16
1
Help please : make buildworld fails when upgrading to 4.8 stable
Hi,
I can't build the world. I have an error in SSL, with today cvs
sources. Here is the error :
/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/bio_ssl.c: In
function `ssl_read':
/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/bio_ssl.c:209:
`SSL_ERROR_WANT_ACCEPT' undeclared (first use in this function)