--jy6Sn24JjFx/iggw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, May 21, 2004 at 03:52:45PM +0200, RazorOnFreeBSD wrote: > I have a 4.9-STABLE FreeBSD box apparently hacked! > Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs.=20 > Those are: > chfn ... INFECTED > chsh ... INFECTED > date ... INFECTED > ls ... INFECTED > ps ... INFECTED Sheesh. Not this *again*. This is a false alarm: chkrootkit is exceedingly sensitive to something about the way such programs work under FreeBSD and has to be continually futzed so that it knows not to complain on each successive version of FreeBSD. Comes up in this or other FreeBSD lists just about every week. Relax. You're not compromised. You just need better tools. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --jy6Sn24JjFx/iggw Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFArmBuiD657aJF7eIRAllGAKCat/LLf51CqfM/KSrItVaIsPyL8ACeKk80 GnyGAmSPI8T38vi1QdUeMhQ= =CZVJ -----END PGP SIGNATURE----- --jy6Sn24JjFx/iggw--