Re: Do I have an infected init file?

Board: FB_security, posted 2005/05/13 05:01, message 2 of 4 in the thread
On Thu, 12 May 2005, DH wrote:

> I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 &
> 0.45 report that my /sbin/init file is infected.

I should mention that 4.10-release is up to p13. You should really think about patching up to current.

> It appears as though the egrep for "UPX" in the output of "strings"
> triggers the infected notice. When I copy the init file from an
> uninfected box to this one chkrootkit continues to report it as
> infected. Is chkrootkit reading a copy of the /sbin/init file stored in
> active memory? If my machine is compromised, which rootkit is installed
> / how can I find out which rootkit is installed?

The easiest way to figure out if you are rooted is probably to download or create a clean version of /sbin/init, and compare the two files. Creating might take some work, you'd have to install a clean 4.10, patch it to p2, and make world.

-- 
Matt Piechota
Key Available from pgp.mit.edu
PGP Key fingerprint = FC90 4D65 2F8A 38E9 D1A8 FABB 7AE8 C194 5EC8 9CAD
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article code (AID): #12WyGK00 (FB_security)
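The comparison suggested in the reply above, as an added example that is not part of the original post or of chkrootkit: it hashes a suspect binary against a known-clean build and runs the "UPX in strings output" check, as the original poster describes it, on both files. The function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Runs of 4+ printable ASCII bytes, the default behaviour of strings(1).
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")

def strings_matching(path, needle=b"UPX"):
    """Return the printable strings in the file that contain `needle`."""
    data = Path(path).read_bytes()
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(data)
            if needle in m.group()]

def sha256_of(path):
    """Hash the file in chunks so large binaries are not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def compare_to_reference(suspect, reference):
    """Compare a suspect binary with a clean build of the same patch level."""
    return {
        "identical": sha256_of(suspect) == sha256_of(reference),
        "suspect_hits": strings_matching(suspect),
        "reference_hits": strings_matching(reference),
    }

def demo():
    # Constructed sample files, not real init binaries.
    tmp = Path(tempfile.mkdtemp())
    clean, same, altered = (tmp / n for n in ("clean", "same", "altered"))
    body = b"\x7fELF\x01\x01\x00" + b"\x00" * 16 + b"$Id: constructed UPX marker $\x00"
    clean.write_bytes(body)
    same.write_bytes(body)                       # byte-for-byte copy
    altered.write_bytes(body + b"\x00extra bytes appended\x00")
    # Case 1: string matches in both files but hashes agree -> not modified.
    # Case 2: hashes differ -> the file is not the reference build.
    return compare_to_reference(same, clean), compare_to_reference(altered, clean)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A string hit that also appears in the clean reference says nothing about tampering; only the digest comparison does. Take the suspect file's copy and run the comparison from trusted media, since a compromised system can misreport its own files.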