============================================================
From: "Perry S. Glenn" <[EMAIL PROTECTED]>
Date: 2003/06/08 Sun AM 03:44:35 EDT
To: [EMAIL PROTECTED]
Subject: chkrootkit w/ current


Hello,
I'm running current and I had forgotten to turn the ftp knob in 
inetd.conf off. I came back after a drive to find my /var/ filesystem
full. I did not (per sysinstall) have anon ftp on, but someone made
lots of bogus directories in /var/ftp/pub anyway.
I decided to install /ports/security/chkrootkit after a short google.
chkrootkit says it finds 12 processes hidden from the ps command and a 
possible LKM Trojan installed.
chkrootkit also calls ls, ps, date, chsh and chfn "INFECTED".

Is chkrootkit giving accurate info for FreeBSD-5?

Could someone check to see if they get false positives with this script
on current?

TIA

--psglenn
============================================================
Yes, it does give false positives. I asked the same question about those commands. :-)

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[EMAIL PROTECTED]"