chkrootkit reports INFECTED :(

Joe Warner rootman22 at comcast.net
Fri Aug 15 04:15:57 PDT 2003


On Thursday 14 August 2003 11:58 pm, Mikhail E. Zakharov wrote:
> Hi!
> Running chkrootkit on newly installed FreeBSD 5.0 got:
>
> -cut-
> Checking `basename'... not infected
> Checking `biff'... not infected
> Checking `chfn'... INFECTED
> Checking `chsh'... INFECTED
> Checking `cron'... not infected
> Checking `date'... INFECTED
> -cut-
> Checking `ls'... INFECTED
> -cut-
> Checking `ps'... INFECTED
> Checking `pstree'... not found
> -cut-
>
> What does it mean? Is my system really hacked?

No, that happened to me too on one of my FreeBSD 5.1-RELEASE
systems, so I sent an email to Nelson Murilo <nelson at pangeia.com.br>,
and he responded saying the current version of chkrootkit doesn't work
on systems running FreeBSD 5.x yet.

From http://www.chkrootkit.org:

chkrootkit has been tested on: Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 
3.x and 4.x, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2 and 3.3, NetBSD 1.5.2, 
Solaris 2.5.1, 2.6 and 8.0, HP-UX 11 and True64.

Regards,

Joe
