chkrootkit and 4.10-prerelease issues?

andy at lewman.com andy at lewman.com
Sat May 1 17:11:23 PDT 2004 

Update:  I've received a number of replies stating others have the same
problem.  I've also received a number of replies basically telling me
"reinstall noob".  

Obviously, I've reinstalled the port.  A fresh 4.10-PR as cvsup'd 
" FreeBSD 4.10-PRERELEASE #0: Sat May  1 09:32:14 EDT 2004" has the same
problem.  Unless the cvs source is trojaned, I'm leaving this as a false
positive; just like 5.x shows.

-Andrew


On Sun, May 02, 2004 at 02:35:44AM +1000, wts666 at iprimus.com.au wrote 1.3K bytes in 35 lines about:
: Probably because chrootkit doesn't know u builtworld and is still checking
: whether chfn & chsh are infected against 4.9 MD5 Sums, I would suggest
: reading the manual and seeing how to fix this or just reinstall it.
: 
: - Mark
: 
: -----Original Message-----
: From: owner-freebsd-security at freebsd.org
: [mailto:owner-freebsd-security at freebsd.org] On Behalf Of andy at lewman.com
: Sent: Saturday, 1 May 2004 10:54 pm
: To: freebsd-security at freebsd.org
: Subject: chkrootkit and 4.10-prerelease issues?
: 
: Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or later
: report chfn, chsh, and date as infected?
: 
: I built world yesterday, and my nightly chkrootkit reports this on run.
: I've replaced the binaries with their 4.9 equivalents, and things don't
: report as infected.  I upgrade the 4.9 machine to 4.10, and chkrootkit
: reports them as infected again.  
: 
: Is this similar to the 5.x issues with chkrootkit?
: 
: --
: Andrew
: _______________________________________________
: freebsd-security at freebsd.org mailing list
: http://lists.freebsd.org/mailman/listinfo/freebsd-security
: To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
: 
: 
: _______________________________________________
: freebsd-security at freebsd.org mailing list
: http://lists.freebsd.org/mailman/listinfo/freebsd-security
: To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"

-- 

| Andrew |     e-mail      |      web       | gpg/pgp keyid |
|        | andy at lewman.com | www.lewman.com |   AC671F9B    |

"There is no reason for any individual to have a computer in their
home."
		-- Ken Olsen, President of DEC, World Future Society
		   Convention, 1977

More information about the freebsd-security mailing list