chkrotkit 4.1 and FreeBSD 4.5
Alex Povolotsky
tarkhil at webmail.sub.ru
Thu Sep 11 01:49:58 PDT 2003
On Thu, 11 Sep 2003 10:57:44 +0400
Alex Povolotsky <tarkhil at webmail.sub.ru> wrote:
AP> Hello!
AP>
AP> I've found that on two FreeBSD 4.5-RELEASE boxes chkrootkit finds:
AP>
AP> Checking `chfn'... INFECTED
AP> Checking `chsh'... INFECTED
AP> Checking `date'... INFECTED
AP> Checking `ls'... INFECTED
AP> Checking `ps'... INFECTED
AP>
AP> recompiling, say, ls from souces didn't help. False positive or
AP> source changed as well?
False positive. chkrootkit for some reason I could not understand thinks that 4.5-RELEASE is 5.*
--
Alex.
More information about the freebsd-security
mailing list