Displaying 20 results from an estimated 300 matches similar to: "really clean install?"
2003 Oct 01
3
chkrootkit 0.42 & 4.7-REL... "[: -ne: argument expected".... huh?
Good morning all;
Whilst running chkrootkit 0.42 on one of my 4.7-REL boxen it reported :
<snip>
Checking 'biff'...not infected
]: not found
[: -ne: argument expected
Checking 'chfn'...not infected
]: not found
[: -ne: argument expected
<snip>
I've been unable to locate any information ref. the " ]: not found " and "
[: -ne: argument
2004 May 10
1
probs w/ make and make install
cd `dirname dlls/__install-lib__` && make install-lib
rm -f libdxerr8.a && ln -s dxerr8/libdxerr8.a libdxerr8.a
rm -f libdxerr9.a && ln -s dxerr9/libdxerr9.a libdxerr9.a
rm -f libdxguid.a && ln -s dxguid/libdxguid.a libdxguid.a
rm -f libuuid.a && ln -s uuid/libuuid.a libuuid.a
cd `dirname advapi32/__install__` && make install
2004 May 01
3
chkrootkit and 4.10-prerelease issues?
Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or
later report chfn, chsh, and date as infected?
I built world yesterday, and my nightly chkrootkit reports this on run.
I've replaced the binaries with their 4.9 equivalents, and things don't
report as infected. I upgrade the 4.9 machine to 4.10, and chkrootkit
reports them as infected again.
Is this similar to the
2004 Aug 18
4
chfn, date, chsh INFECTED according to chkrootkit
I ran chkrootkit ( v. chkrootkit-0.43 ) earlier and
noticed that chfn, date, and chsh showed as being
infected. I remember reading posts from the past that
right now chkrootkit is giving a lot of false
positives, so I suspected that these 3 binaries are
not bad.
However, to be on the safe side, I deleted the 3
binaries, removed /usr/src and did a 'make world' to
4.10-STABLE.
But, chfn,
2004 May 21
12
Hacked or not ?
Hi,
I have a 4.9-STABLE FreeBSD box apparently hacked!
Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs.
Those are:
chfn ... INFECTED
chsh ... INFECTED
date ... INFECTED
ls ... INFECTED
ps ... INFECTED
But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED.
I know by the FreeBSD-Security archives that
2003 Aug 24
2
[solution] chkrootkit reports infected files
Hey all,
I've submitted a fix for chkrootkit port, to solve the
false positives on FreeBSD 5 and higher:
http://www.freebsd.org/cgi/query-pr.cgi?pr=55919
The topic, btw, should be "Teach security/chkrootkit
about FreeBSD 5", but it's not my first typo today.
Maintainer, please approve.
Authors, please see if you can include the changes.
I also fixed a minor bug in chk_vdir.
2003 Aug 14
2
chkrootkit reports INFECTED :(
Hi!
Running chkrootkit on newly installed FreeBSD 5.0 got:
-cut-
Checking `basename'... not infected
Checking `biff'... not infected
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `cron'... not infected
Checking `date'... INFECTED
-cut-
Checking `ls'... INFECTED
-cut-
Checking `ps'... INFECTED
Checking `pstree'... not found
-cut-
What does it
2003 Nov 12
0
really clean install? - attachments
-------------- next part --------------
A non-text attachment was scrubbed...
Name: chkrootkit.20031113
Type: application/octet-stream
Size: 3948 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20031113/206f8da5/chkrootkit.obj
2005 Jan 11
3
Think someone has got into my server...
I have just run chkrootkit on my server and have the following two
suspicious entries..
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist
and further down..
Checking `bindshell'... INFECTED (PORTS: 465)
Anyone have any advice for getting rid of it??
Later..
2004 Aug 06
1
FW: Problem with ezstream
Hello Guyz,
I am facing a problem while trying to compile ezstream 0.1.2.
First some information about my setup:
nsti# uname -a
FreeBSD nsti.localdomain 4.9-RELEASE-p7 FreeBSD 4.9-RELEASE-p7 #0: Thu May
13 21:46:04 IST 2004 prince@nsti.localdomain:/usr/obj/usr/src/sys/NSTI
i386
nsti# pkg_info
BitchX-1.1 "An alternative ircII color client with optional
GTK/GNOME
2003 Apr 13
1
chfn, chsh, ls, ps - INFECTED
My machine got hacked a few days ago through the samba bug. I
reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM
but still...
Can anyone please advise ?
bash-2.05b# chkrootkit | grep INFECTED
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `date'... INFECTED
Checking `ls'... INFECTED
Checking `ps'... INFECTED
--
Jay
-------------- next
2005 May 12
1
Do I have an infected init file?
Hello;
I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 & 0.45 report that my /sbin/init file is infected.
It appears as though the egrep for "UPX" in the output of "strings" triggers the infected notice. When I copy the init file from an uninfected box to this one chkrootkit continues to report it as infected. Is chkrootkit reading a copy of the
2007 Nov 20
2
chkrootkit V. 0.47
Running FreeBSD 6.1
After changing chkrootkit to the latest version V. 0.47 and compiling it then
running it I get the following:
==================<SNIPPIT>================
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 6667)
Checking `lkm'... You have 131 process hidden for readdir
2006 Feb 21
1
OT Proftpd Continued
Below is a cut and paste from my log files that are sent to me. This is
from the last day that proftpd worked correctly. I'm not sure why
proftpd was restarted as the log states:
################### LogWatch 5.2.2 (06/23/04) ####################
Processing Initiated: Sun Feb 19 09:02:02 2006
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles
2009 Dec 18
3
Security advice, please
I run chkrootkit daily. For the first time I've got reports of a problem -
Checking `bindshell'... INFECTED (PORTS: 1008)
The page http://fatpenguinblog.com/scott-rippee/checking-bindshell-infected-ports-1008/
suggests that this might be a false positive, so I ran 'netstat -tanup'
but unlike the report, it wasn't famd on the port. It was
tcp 0 0 0.0.0.0:1008
2008 Jan 13
3
Anti-Rootkit app
Hi all,
I need to install an anti-rootkit on a lot of servers. I know that
there are several options: tripwire, aide, chkrootkit...
What do you prefer?
Obviously, I have to define my needs:
- easy setup and configuration
- actively developed
--
Thanks,
Jordi Espasa Clofent
2017 Nov 06
2
How to detect botnet user on the server ?
Hello guys,
What is the best way to identify a possible user using a botnet with PHP
on the server? And if he is using GET commands, for example, on another server.
Does Apache log outbound connections?
If it is using a file that is not malicious, ClamAV would not identify it.
Thanks
2006 Feb 05
3
Relaying of spam
Hi, sorry if this isn't the right place to post, but I'm having some
trouble figuring out a spamming issue. If anyone here can help, that'd
be amazing.
I'm running Brian's CentOS/BlueQuartz CD, version 3.5 from Nuonce.net.
Everything seemed to be running fine for several days until this
morning, when I received a zillion "returned mail" notices from the
mailer
2003 Aug 28
4
compromised server
I have a server that has been compromised.
I'm running version 4.6.2
when I do
>last
this line comes up in the list.
shutdown ~ Thu Aug 28 05:22
That was the time the server went down.
There seemed to be some configuration changes.
Some of the files seemed to revert back to default versions
(httpd.conf, resolv.conf)
Does anyone have a clue what type of
2006 Mar 11
4
Centosplus & CentOS Extras, Enlarge your tent
I think Jim (the other one) is doing a marvellous job with extras and
plus but he needs to expand the size of his tent. A sensible package
policy in extras/plus repo will mean fewer temptations to install 3rd
party repos that can break your system. Some of the packages I
would like to see are :-
- MySQL 5 rpms
- php 5 rpms (already provided)
- Open Office 2.0 rpms
- webmin
- rkhunter
-