similar to: No subject

Displaying 20 results from an estimated 10000 matches similar to: "No subject"

2004 Aug 18
4
chfn, date, chsh INFECTED according to chkrootkit
I ran chkrootkit ( v. chkrootkit-0.43 ) earlier and noticed that chfn, date, and chsh showed as being infected. I remember reading posts from the past that right now chkrootkit is giving a lot of false positives, so I suspected that these 3 binaries are not bad. However, to be on the safe side, I deleted the 3 binaries, removed /usr/src and did a 'make world' to 4.10-STABLE. But, chfn,
2004 May 01
3
chkrootkit and 4.10-prerelease issues?
Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or later report chfn, chsh, and date as infected? I built world yesterday, and my nightly chkrootkit reports this on run. I've replaced the binaries with their 4.9 equivalents, and things don't report as infected. I upgrade the 4.9 machine to 4.10, and chkrootkit reports them as infected again. Is this similar to the
2003 Aug 24
2
[solution] chkrootkit reports infected files
Hey all, I've submitted a fix for chkrootkit port, to solve the false positives on FreeBSD 5 and higher: http://www.freebsd.org/cgi/query-pr.cgi?pr=55919 The topic, btw, should be "Teach security/chkrootkit about FreeBSD 5", but it's not my first typo today. Maintainer, please approve. Authors, please see if you can include the changes. I also fixed a minor bug in chk_vdir.
2014 Nov 22
1
Migrate Separator and prefix
Hi, I'm thinking of changing the separator from "." to "/" and also to allow only folders under INBOX, changing the Prefix. I have two dovecot servers, which are synced by the replication plugin. My idea is to switch off Server B, make the necessary config changes, delete all user maildirs, restart the server and let replication do its work. After that (and
2009 Jul 02
4
shadow OOS and fast path are incompatible
We recently observed a problem with Solaris HVM domains. The bug was seen with a higher number of VCPUs (3 or more), and always had the same pattern: some memory was allocated in the guest, but the first reference caused it to crash with a fatal pagefault. However, on inspection of the page tables, the guests' view of the pagetables was consistent: the page was present.
2017 Nov 06
1
How to detect botnet user on the server ?
Another alternative is to use a FIMS/HIDS such as Aide (Advanced Intrusion Detection Environment), OSSEC or Samhain. Be prepared to learn a lot about what your OS normally does behind the scenes (and thus a fair amount of initial fine tuning to exclude those things). Aide seems to work well (I've seen only one odd result) and is quite granular. However, it is local system based rather than
2006 Feb 21
1
OT Proftpd Continued
Below is a cut and paste from my log files that are sent to me. This is from the last day that proftpd worked correctly. I'm not sure why proftpd was restarted as the log states: ################### LogWatch 5.2.2 (06/23/04) #################### Processing Initiated: Sun Feb 19 09:02:02 2006 Date Range Processed: yesterday Detail Level of Output: 0 Logfiles
2007 Nov 20
2
chkrootkit V. 0.47
Running FreeBSD 6.1. After changing chkrootkit to the latest version V. 0.47 and compiling it then running it I get the following: ==================<SNIPPIT>================ Searching for anomalies in shell history files... nothing found Checking `asp'... not infected Checking `bindshell'... INFECTED (PORTS: 6667) Checking `lkm'... You have 131 process hidden for readdir
2005 Oct 28
0
chkrootkit 0.46 reboots FreeBSD 5.4-RELEASE-p8
Hello, Please, don't use chkrootkit 0.46 on production machines. The "chkproc" process sends a SIGXFSZ (25) signal to init, that interprets this signal as a "disaster" and reboots after a 30s sleep. I'm contacting the chkrootkit maintainer to fix this problem. Sorry, Cordeiro
2003 Nov 12
1
really clean install?
Good evening, I just finished the FreeBSD 4.9 installation from CD, and only did some edits to /etc/rc.firewall, /etc/rc.conf, /boot/defaults/loader.conf, and recompiled the kernel to support my ext2 backup harddisk, with sndcard support too. This is an old laptop (ibm380z). I had a chkrootkit warning after everything finished. I attached my uname -a, dmesg, pkg_info and chkrootkit result, please
2003 Apr 13
1
chfn, chsh, ls, ps - INFECTED
My machine got hacked a few days ago through the samba bug. I reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM but still... Can anyone please advise ? bash-2.05b# chkrootkit | grep INFECTED Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `date'... INFECTED Checking `ls'... INFECTED Checking `ps'... INFECTED -- Jay -------------- next
2008 Aug 06
2
FreeBSD 6.3/amd64: cvsup: Bus error (core dumped)
Hello. Don't know if this list is right for this topic, but don't know which one is. So I got 6.3-STABLE-200807-amd64-disc1.iso I have installed it cd /usr/ports/net/cvsup-without-gui/ make install make clean #cvsup some-stable-sup-file Connected to cvsup.xxxxxx.ru Bus error (core dumped) I can't get fresh src and ports trees and can't compile fresh 6.X-stable system with athlon64 optimization. :(
2004 May 21
12
Hacked or not ?
Hi, I have a 4.9-STABLE FreeBSD box apparently hacked! Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs. Those are: chfn ... INFECTED chsh ... INFECTED date ... INFECTED ls ... INFECTED ps ... INFECTED But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED. I know by the FreeBSD-Security archives that
2009 Dec 18
3
Security advice, please
I run chkrootkit daily. For the first time I've got reports of a problem - Checking `bindshell'... INFECTED (PORTS: 1008) The page http://fatpenguinblog.com/scott-rippee/checking-bindshell-infected-ports-1008/ suggests that this might be a false positive, so I ran 'netstat -tanup' but unlike the report, it wasn't famd on the port. It was tcp 0 0 0.0.0.0:1008
2019 Jan 31
0
C7, mdadm issues
> On 30/01/19 16:49, Simon Matter wrote: >>> On 01/30/19 03:45, Alessandro Baggi wrote: >>>> On 29/01/19 20:42, mark wrote: >>>>> Alessandro Baggi wrote: >>>>>> On 29/01/19 18:47, mark wrote: >>>>>>> Alessandro Baggi wrote: >>>>>>>> On 29/01/19 15:03, mark wrote:
2005 May 12
1
Do I have an infected init file?
Hello; I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 & 0.45 report that my /sbin/init file is infected. It appears as though the egrep for "UPX" in the output of "strings" triggers the infected notice. When I copy the init file from an uninfected box to this one chkrootkit continues to report it as infected. Is chkrootkit reading a copy of the
2003 Aug 24
2
weird problem with chkrootkit and checksums
Hello, last night, my chkrootkit crontab returned an alarm message : > Checking `lkm'... You have 1 process hidden for readdir command > You have 2 process hidden for ps command > Warning: Possible LKM Trojan installed Some research on Google makes me think it's probably a false positive. I tried a few things : re-launching chkrootkit : "Checking `lkm'...
2019 Jan 30
0
C7, mdadm issues
On 29/01/19 20:42, mark wrote: > Alessandro Baggi wrote: >> On 29/01/19 18:47, mark wrote: >>> Alessandro Baggi wrote: >>>> On 29/01/19 15:03, mark wrote: >>>> >>>>> I've no idea what happened, but the box I was working on last week >>>>> has a *second* bad drive. Actually, I'm starting to wonder about
2003 Apr 07
1
make buildworld: inconsistent operator for ftp
AFTER "make buildworld" I GET THIS ERROR: ===> usr.bin "/usr/src/share/mk/bsd.subdir.mk", line 60: Inconsistent operator for ftp make: fatal errors encountered -- cannot continue *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src. SO HOW TO FIX THIS Robert ''***********************************
2003 May 16
1
Help please : make buildworld fails when upgrading to 4.8 stable
Hi, I can't build the world. I have an error in SSL, with today cvs sources. Here is the error : /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/bio_ssl.c: In function `ssl_read': /usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/bio_ssl.c:209: `SSL_ERROR_WANT_ACCEPT' undeclared (first use in this function)