False positives from chkrootkit? or hacked test server?
Martin Hudec
corwin at aeternal.net
Wed Apr 14 14:42:39 PDT 2004
Hello all,
On Wed, Apr 14, 2004 at 02:11:34PM -0700 or thereabouts, Mike wrote:
> Jeff Maxwell wrote:
>
> >upgrade your ports. The chkrootkit that ships with 4.9 gives false positives
> >
I'm using chkrootkit from a fresh ports update (v4.3). Results are as follows:

System 1 on 4.9-STABLE:
    nothing found

System 2 on 4.10-BETA:
    chfn, chsh, date infected

System 3 on 5.2.1-RELEASE-p4:
    date infected, stops (freezes) at checking 'lkm'
    strace shows:
    wait4(-1, Process 610 attached - interrupt to quit

Systems are behind two firewalls, with only ssh allowed (5.x) or
ftp, ssh, smtp, www, pop3 and https allowed (4.x).
--
Martin Hudec | corwin at aeternal.net
| corwin at web.markiza.sk
http://www.aeternal.net | cell +421 907 303 393