Date: Sat, 1 May 2004 20:11:18 -0400 From: andy@lewman.com To: freebsd-security@freebsd.org Subject: Re: chkrootkit and 4.10-prerelease issues? Message-ID: <20040502001118.GA15191@phobos.osem.com> In-Reply-To: <408C4956002AA4DC@> References: <20040501125409.GA65876@phobos.osem.com> <408C4956002AA4DC@>
next in thread | previous in thread | raw e-mail | index | archive | help
Update: I've received a number of replies stating others have the same problem. I've also received a number of replies basically telling me "reinstall noob". Obviously, I've reinstalled the port. A fresh 4.10-PR as cvsup'd " FreeBSD 4.10-PRERELEASE #0: Sat May 1 09:32:14 EDT 2004" has the same problem. Unless the cvs source is trojaned, I'm leaving this as a false positive; just like 5.x shows. -Andrew On Sun, May 02, 2004 at 02:35:44AM +1000, wts666@iprimus.com.au wrote 1.3K bytes in 35 lines about: : Probably because chrootkit doesn't know u builtworld and is still checking : whether chfn & chsh are infected against 4.9 MD5 Sums, I would suggest : reading the manual and seeing how to fix this or just reinstall it. : : - Mark : : -----Original Message----- : From: owner-freebsd-security@freebsd.org : [mailto:owner-freebsd-security@freebsd.org] On Behalf Of andy@lewman.com : Sent: Saturday, 1 May 2004 10:54 pm : To: freebsd-security@freebsd.org : Subject: chkrootkit and 4.10-prerelease issues? : : Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or later : report chfn, chsh, and date as infected? : : I built world yesterday, and my nightly chkrootkit reports this on run. : I've replaced the binaries with their 4.9 equivalents, and things don't : report as infected. I upgrade the 4.9 machine to 4.10, and chkrootkit : reports them as infected again. : : Is this similar to the 5.x issues with chkrootkit? : : -- : Andrew : _______________________________________________ : freebsd-security@freebsd.org mailing list : http://lists.freebsd.org/mailman/listinfo/freebsd-security : To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" : : : _______________________________________________ : freebsd-security@freebsd.org mailing list : http://lists.freebsd.org/mailman/listinfo/freebsd-security : To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- | Andrew | e-mail | web | gpg/pgp keyid | | | andy@lewman.com | www.lewman.com | AC671F9B | "There is no reason for any individual to have a computer in their home." -- Ken Olsen, President of DEC, World Future Society Convention, 1977
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040502001118.GA15191>