Hello,
thanks for the info :), that explains why my 4.9-STABLE was not infected
and 4.10-BETA shows false positives..
But I am still bit unsure why my 5.2.1-RELEASE-p4 (not mentioning one false
positive) stops while checking lkm..
Cheers,
Martin
On Thu, Apr 15,
On Wed, Apr 14, 2004 at 12:29:19PM -0700, Mike wrote:
> Well... I installed and ran chkrootkit. And the output shows that:
>
> Checking `chfn'... INFECTED
> Checking `chsh'... INFECTED
> Checking `date'... INFECTED
> Checking `ls'... INFECTED
> Checking `ps'... INFECTED
>
> No rootkits were foun
Hello all,
On Wed, Apr 14, 2004 at 02:11:34PM -0700 or thereabouts, Mike wrote:
> Jeff Maxwell wrote:
>
> >upgrade your ports. The chkrootkit that ships with 4.9 gives false
> >positives
> >
I'm using chrootkit from fresh ports update (v4.3). Results are as:
System 1 on 4.9-STABLE:
no
Jeff Maxwell wrote:
upgrade your ports. The chkrootkit that ships with 4.9 gives false
positives
Jeff:
Thanks for the tip.
I deinstalled the chkrootkit (v-4.1) that came with 4.9. I then
downloaded and installed the most recent version (v-4.3) from the
chkrootkit.org site.
I re-ran chkroot
On Wed, Apr 14, 2004, Mike clacked the keyboard to produce:
> Greetings:
>
> My test system:
> FreeBSD 4.9-stable
> Pentium III 800
>
> I read an earlier post about using chkrootkit to check for root kits
> (intrusions). I'm still learning about FreeBSD so I thought I would run
> this too.
>