Hacked or not ?

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri May 21 13:03:07 PDT 2004


On Fri, May 21, 2004 at 03:52:45PM +0200, RazorOnFreeBSD wrote:

> I have a 4.9-STABLE FreeBSD box apparently hacked!
> Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs. 
> Those are:
> chfn     ... INFECTED
> chsh    ... INFECTED
> date     ... INFECTED
> ls         ... INFECTED
> ps        ... INFECTED

Sheesh.  Not this *again*.  This is a false alarm: chkrootkit is
exceedingly sensitive to something about the way such programs work
under FreeBSD and has to be continually futzed so that it knows not to
complain on each successive version of FreeBSD.  Comes up in this or
other FreeBSD lists just about every week.

Relax.  You're not compromised.  You just need better tools.

	Cheers,

	Matthew


-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK