Date: Tue, 20 Nov 2007 09:41:52 -0500
From: JP <johnpollock@bellsouth.net>
To: freebsd-security@freebsd.org
Subject: chkrootkit V. 0.47
Message-ID: <200711200941.52719.johnpollock@bellsouth.net>
Running FreeBSD 6.1

After changing chkrootkit to the latest version V. 0.47 and compiling it then running it I get the following:

==================<SNIPPIT>================
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 6667)
Checking `lkm'... You have 131 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found
Checking `sniffer'... vr0 is not promisc
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
==================</SNIPPIT>================

Looking above, the above shows a few anomalies like the

bindshell ... INFECTED (PORTS: 6667)
--and--
Checking `lkm'... You have 131 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed

I do run an IRCd, and also YABB Message board along with APACHE web server - would the above then be normal output, and what about the lkm?

Many thanks to those with more experience in this area.

JP
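One way to triage a report like the one quoted above, as an added example that is not part of the original message or of chkrootkit: it parses the output, checks each flagged bindshell port against a list of services the administrator runs on purpose, and leaves everything else marked for investigation. The `DECLARED` table, the `triage` function and the status labels are assumptions made for illustration.

```python
import re

# Constructed sample: chkrootkit lines as quoted in the message above.
SAMPLE = """\
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 6667)
Checking `lkm'... You have 131 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
Checking `sniffer'... vr0 is not promisc
"""

# Assumption: listeners the administrator runs on purpose. The poster runs an
# IRCd, and 6667 is the conventional IRC port.
DECLARED = {6667: "ircd"}

CHECK = re.compile(r"Checking `([^']+)'\.\.\.\s*(.*)")
PORTS = re.compile(r"INFECTED \(PORTS:\s*([\d\s]+)\)")
HIDDEN = re.compile(r"You have\s+(\d+) process(?:es)? hidden")


def triage(report, declared):
    """Return (test, status, detail) tuples for every line that is a finding."""
    findings, test = [], None
    for line in report.splitlines():
        m = CHECK.match(line)
        if m:
            test, body = m.groups()
        else:
            body = line.strip()  # continuation line, belongs to the last test
        ports = PORTS.search(body)
        hidden = HIDDEN.search(body)
        if ports:
            for port in map(int, ports.group(1).split()):
                if port in declared:
                    # Port match only: confirm the owner, e.g. `sockstat -4 -l`.
                    findings.append((test, "confirm-owner", f"port {port}: expect {declared[port]}"))
                else:
                    findings.append((test, "investigate", f"port {port}: no declared service"))
        elif hidden:
            findings.append((test, "investigate", f"{hidden.group(1)} processes hidden from readdir"))
        elif "Warning:" in body or "INFECTED" in body:
            findings.append((test, "investigate", body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE, DECLARED):
        print(*finding, sep=" | ")
```

A `confirm-owner` result means only that the port number matches a declared service; the process actually holding the socket still has to be checked on the host.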