chkrootkit, rkhunter

Anonymous

Guest
Hi!

My system: newly installed FreeBSD 7.1, KDE 3.5.10

I ran chkrootkit and I got:

...
Checking `sshd'... /usr/bin/strings: Warning: '/' is not an ordinary file
...
...
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... Possible t0rn v8 (or variation) rootkit installed...

I also ran rkhunter -c, and at the end I have:

System checks summary
=====================

File properties checks...
Required commands check failed
Files checked: 103
Suspect files: 0

Rootkit checks...
Rootkits checked : 77
Possible rootkits: 0

Applications checks...
Applications checked: 4
Suspect applications: 0

I am confused about chkrootkit and the line:
Searching for t0rn's v8 defaults... Possible t0rn v8 (or variation) rootkit installed...

Thanks in advance.
 
I would check with the chkrootkit support channels; there have often been problems with it misdetecting things on FreeBSD.
 
r-c-e said:
Both have their purpose I suppose....

I believe, but why this "false" positive on a freshly installed computer, never connected to the internet? My friend installed yesterday and had the same.
 
The rkhunter warning seems like a false-positive. Seems rkhunter checks for:

/usr/lib/libproc.a

That is installed with FreeBSD 7.1 and once found, rkhunter reports it.
 