5.1-RELEASE; Fatal trap 12: page fault while in kernel mode

2003-06-16 Thread cas 
the rest of '/var/log/messages' is in the attachment..

Jun 15 22:00:00 kadafi newsyslog[2458]: logfile turned over due to size100K
Jun 16 00:42:30 kadafi syslogd: kernel boot file is /boot/kernel/kernel
Jun 16 00:42:30 kadafi kernel:
Jun 16 00:42:30 kadafi kernel:
Jun 16 00:42:30 kadafi kernel: Fatal trap 12: page fault while in kernel mode
Jun 16 00:42:30 kadafi kernel: fault virtual address= 0xbffe
Jun 16 00:42:30 kadafi kernel: fault code   = supervisor write, page not 
present
Jun 16 00:42:30 kadafi kernel: instruction pointer  = 0x8:0xc02c349c
Jun 16 00:42:30 kadafi kernel: stack pointer= 0x10:0xdf106b10
Jun 16 00:42:30 kadafi kernel: frame pointer= 0x10:0xdf106b2c
Jun 16 00:42:30 kadafi kernel: code segment = base 0x0, limit 0xf, 
type 0x1b
Jun 16 00:42:30 kadafi kernel: = DPL 0, pres 1, def32 1, gran 1
Jun 16 00:42:30 kadafi kernel: processor eflags = interrupt enabled, resume, IOPL = 0
Jun 16 00:42:30 kadafi kernel: current process  = 11 (swi7: tty:sio clock)
Jun 16 00:42:30 kadafi kernel: trap number  = 12
Jun 16 00:42:30 kadafi kernel: panic: page fault
Jun 16 00:42:30 kadafi kernel: syncing disks, buffers remaining... 7142 7142 7142 7142 
7142 7142 7142 7142 7142 7142 7142 7142 7142 7142 7142 7142 7142 7142 7142 7142


messages
Description: Binary data
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: chkrootkit w/ current

2003-06-08 Thread cas 

From: Perry S. Glenn [EMAIL PROTECTED]
Date: 2003/06/08 Sun AM 03:44:35 EDT
To: [EMAIL PROTECTED]
Subject: chkrootkit w/ current


Hello,
I'm running current and I had left forgot to turn the ftp knob in 
inetd.conf off. I came back after a drive to find my /var/ filesystem
full. I did not (per sysinstall)have anon ftp on, but someone made
lots of bogus directories in /var/ftp/pub anyway.
I decided to install /ports/security/chkrootkit after a short google.
chkrootkit says it finds 12 processes hidden from ps command and a 
possible LKM Trojan installed.
chkroot also calls 
ls ps date chsh and chfn 
INFECTED

Is chkrootkit giving accurate info for FreeBSD-5 ?

Could someone check to see if they get false positives with this script

on current.

TIA

--psglenn

yes.. it does give false positives.. I asked the same question about those commands. 
:-)

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to [EMAIL PROTECTED]