Subject: Chkrootkit 0.44
To: None <port-i386@netbsd.org>
From: Richard Ibbotson <richard@sheflug.co.uk>
List: port-i386
Date: 09/14/2004 15:10:32
Hi
Don't know if this is the right place to ask but thought I might try
anyway.
I ran chkrootkit 0.44 on my i386 based NetBSD 1.62 machine today and
found the following in the resulting logs...
Checking `init' ... not infected
Checking `killall' ... not found
Checking `ldsopreload' ... not tested
Checking `login' ... INFECTED
Checking `ls' ... not infected
Checking `lsof' ... not found
I think the question might be something like this. Is this something
that chkrootkit does with NetBSD 1.6.2 or is login really infected?
This is a net facing firewall box. What to do if it really is infected?
Regards
Richard