Home » Mailing list archives » freebsd-security » 2007 » November » 20

chkrootkit V. 0.47

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: JP <johnpollock@...>
To: <freebsd-security@...>
Subject: chkrootkit V. 0.47
Date: Tuesday, November 20, 2007 - 10:41 am

Running freeBSD 6.1


After changing chkrootkit to the latest version V. 0.47 and compiling it then

running it I get the following:


==================================

Searching for anomalies in shell history files... nothing found

Checking `asp'... not infected

Checking `bindshell'... INFECTED (PORTS:  6667)

Checking `lkm'... You have   131 process hidden for readdir command

chkproc: Warning: Possible LKM Trojan installed

Checking `rexedcs'... not found

Checking `sniffer'... vr0 is not promisc

Checking `w55808'... not infected

Checking `wted'... chkwtmp: nothing deleted

==================================


Looking above, the above shows a few anomalies like the bindshell ... INFECTED

(PORTS: 6667)

--and--

Checking `lkm'... You have   131 process hidden for readdir command

chkproc: Warning: Possible LKM Trojan installed


I do run an IRCd, and also YABB Message board along with APACHE web server -

would the above then be normal output, and what about the lkm? Many thanks to

those with more experience in this area.


JP


_______________________________________________

freebsd-security@freebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-security

To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
Re: BIND update?, Andrew Storms, (Tue Jul 8, 5:22 pm)
chkrootkit V. 0.47, JP, (Tue Nov 20, 10:41 am)
FreeBSD bug grants local root access (FreeBSD 6.x), Frederique Rijsdijk, (Tue Sep 15, 3:43 am)
Why are most audit events apparently non-attributable?, , (Sat Sep 29, 7:33 pm)
ports/128749: [vuxml] VBA parser vulnerability in ClamAV &lt..., Eygene Ryabinkin, (Mon Nov 10, 7:19 am)
Re: FreeBSD bug grants local root access (FreeBSD 6.x), , (Tue Sep 15, 4:20 am)
Re: FreeBSD bug grants local root access (FreeBSD 6.x), Xin LI, (Tue Sep 15, 8:02 pm)
Re: FreeBSD bug grants local root access (FreeBSD 6.x), Chris Palmer, (Tue Sep 15, 4:27 pm)
Re: FreeBSD bug grants local root access (FreeBSD 6.x), Xin LI, (Tue Sep 15, 8:05 pm)
Re: FreeBSD bug grants local root access (FreeBSD 6.x), Chris Rees, (Wed Sep 16, 11:37 am)
Re: FreeBSD bug grants local root access (FreeBSD 6.x), Xin LI, (Tue Sep 15, 5:08 am)
Re: FreeBSD bug grants local root access (FreeBSD 6.x), Mike Tancsa, (Fri Sep 25, 8:52 am)
Re: FreeBSD bug grants local root access (FreeBSD 6.x), Simon L. Nielsen, (Mon Sep 28, 3:22 pm)
Re: FreeBSD bug grants local root access (FreeBSD 6.x), Jacques Marneweck, (Fri Oct 2, 1:00 am)
Re: FreeBSD bug grants local root access (FreeBSD 6.x), Bjoern A. Zeeb, (Fri Oct 2, 2:36 am)
Re: BIND update?, Remko Lodder, (Tue Jul 8, 5:31 pm)
Re: BIND update?, Wesley Shields, (Tue Jul 8, 7:29 pm)
Re: chkrootkit V. 0.47, Robert Watson, (Wed Nov 28, 7:45 am)
Re: chkrootkit V. 0.47, Luiz Eduardo Roncato Cordeiro..., (Wed Nov 28, 8:36 am)
Re: chkrootkit V. 0.47, Nikolay Pavlov, (Tue Nov 20, 1:01 pm)
Re: chkrootkit V. 0.47, Peter Pentchev, (Wed Nov 21, 6:44 am)