On Wed, Apr 14, 2004, Mike clacked the keyboard to produce:
> Greetings:
>
> My test system:
> FreeBSD 4.9-stable
> Pentium III 800
>
> I read an earlier post about using chkrootkit to check for root kits
> (intrusions). I'm still learning about FreeBSD so I thought I would run
> this too.
>
> Well... I installed and ran chkrootkit. And the output shows that:
>
> Checking `chfn'... INFECTED
> Checking `chsh'... INFECTED
> Checking `date'... INFECTED
> Checking `ls'... INFECTED
> Checking `ps'... INFECTED
>
> No rootkits were found.
>
> This FreeBSD system is a test server running Postfix, Samba, Apache,
> PHP4, MySql, and akpop3. For a firewall I run IPFW.
>
> This computer sits behind a NAT router (linksys BEFSR41). The Linksys
> router forwards a few ports (25, 110, 80) to a different server (a
> Redhat-9 system). However, NO PORTS are forwarded to this FreeBSD system.
>
> My Redhat-9 server that runs Apache, Mysql, php4, and postfix.
>
> Question: Does chkrootkit ever generate false positives?
>

Michael,

I cannot answer your question, but rather throw in my false positive question as well. I am running FBSD 5.0 release with named, Apache, MySQL, and Samba too. I received the exact same positives from my system. Everything else is fine.

In Googling I found a question as such and the only reply was FAQ and read the archives, to wit, some joker has a name of chkrootkit and you get a zillion of his mails, yet nothing helpful otherwise.

Looking forward to hearing something too.

--
Bob

"Play is the work of children. It's very serious stuff. And if it's properly structured in a developmental program, children can blossom."
-Bob Keeshan aka `Captain Kangaroo'